From owner-freebsd-stable  Wed Sep 29  0: 1:29 1999
Delivered-To: freebsd-stable@freebsd.org
Received: from relay.ucb.crimea.ua (relay.ucb.crimea.ua [212.110.138.1])
	by hub.freebsd.org (Postfix) with ESMTP id B1CAC14D83
	for <stable@FreeBSD.ORG>; Wed, 29 Sep 1999 00:01:16 -0700 (PDT)
	(envelope-from ru@ucb.crimea.ua)
Received: (from ru@localhost)
	by relay.ucb.crimea.ua (8.9.3/8.9.3/UCB) id KAA64590;
	Wed, 29 Sep 1999 10:00:04 +0300 (EEST)
	(envelope-from ru)
Date: Wed, 29 Sep 1999 10:00:04 +0300
From: Ruslan Ermilov <ru@ucb.crimea.ua>
To: Tom <tom@uniserve.com>
Cc: Gregory Bond <gnb@itga.com.au>, stable@FreeBSD.ORG
Subject: Re: ICMP REDIRECTs
Message-ID: <19990929100004.H55586@relay.ucb.crimea.ua>
Mail-Followup-To: Tom <tom@uniserve.com>, Gregory Bond <gnb@itga.com.au>,
	stable@FreeBSD.ORG
References: <199909290034.KAA19147@lightning.itga.com.au> <Pine.BSF.4.02A.9909281745420.14543-100000@shell.uniserve.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.3i
In-Reply-To: <Pine.BSF.4.02A.9909281745420.14543-100000@shell.uniserve.ca>; from Tom on Tue, Sep 28, 1999 at 05:52:31PM -0700
X-Operating-System: FreeBSD 3.2-STABLE i386
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, Sep 28, 1999 at 05:52:31PM -0700, Tom wrote:
[...]
> 
>   Well, remember that ICMP redirects are just bandages to cover routing
> problems.  No one really should be routing that way.
> 
>   ICMP redirects are easily spoofed, so many systems ignore them.
> Otherwise they risk having their connectivity being disconnected on whim.
> Also, many systems no longer send ICMP redirects because some people
> actually want to pass traffic through an intervening system!  I don't know
> how FreeBSD ships these days, but I suggest that it should ship with
> ignore ICMP redirects as the default.
> 
4.0-CURRENT has net.inet.icmp.log_redirect and net.inet.icmp.drop_redirect,
for respectively logging and dropping ICMP REDIRECT packets (`off' by default).

Both 4.0-CURRENT and 3.3-RELEASE have net.inet.ip.redirect which controls
sending of ICMP redirects in response to unforwardable IP packets (defaults
to on).


-- 
Ruslan Ermilov		Sysadmin and DBA of the
ru@ucb.crimea.ua	United Commercial Bank,
ru@FreeBSD.org		FreeBSD committer,
+380.652.247.647	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message