Date:      Fri, 14 Jun 2024 08:50:09 -0400
From:      Ed Maste <emaste@freebsd.org>
To:        Chris <bsd-lists@bsdforge.com>
Cc:        "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>, freebsd-net@freebsd.org
Subject:   Re: Discarding inbound ICMP REDIRECT by default
Message-ID:  <CAPyFy2DmbfYOYvWKm7%2Bfq5RMgM8que6OW7LKJHKoMH=L%2B9-wwg@mail.gmail.com>
In-Reply-To: <72ceb2fe26812a237a17bd8de4024b7f@bsdforge.com>
References:  <202406122147.45CLlsgN042313@gndrsh.dnsmgr.net> <72ceb2fe26812a237a17bd8de4024b7f@bsdforge.com>

On Wed, 12 Jun 2024 at 18:05, Chris <bsd-lists@bsdforge.com> wrote:
>
> As Rodney already effectively explains; dropping packets makes routing,
> and discovery exceedingly difficult. Which is NOT what the average user wants,

This is on end hosts only, not routers (which already drop ICMP REDIRECT).

> or expects. I use "set block-policy drop" in pf(4). But as already noted,
> this is for "filtering" purposes. Your suggestion also has the negative effect
> of hanging remote ports. Which can result in other negative results by peers.

I don't follow -- how does a host not processing ICMP REDIRECT cause
these effects?
