Date: Wed, 29 Sep 1999 10:00:04 +0300
From: Ruslan Ermilov <ru@ucb.crimea.ua>
To: Tom <tom@uniserve.com>
Cc: Gregory Bond <gnb@itga.com.au>, stable@FreeBSD.ORG
Subject: Re: ICMP REDIRECTs
Message-ID: <19990929100004.H55586@relay.ucb.crimea.ua>
In-Reply-To: <Pine.BSF.4.02A.9909281745420.14543-100000@shell.uniserve.ca>; from Tom on Tue, Sep 28, 1999 at 05:52:31PM -0700
References: <199909290034.KAA19147@lightning.itga.com.au> <Pine.BSF.4.02A.9909281745420.14543-100000@shell.uniserve.ca>

On Tue, Sep 28, 1999 at 05:52:31PM -0700, Tom wrote:
[...]
>
> Well, remember that ICMP redirects are just bandages to cover routing
> problems. No one really should be routing that way.
>
> ICMP redirects are easily spoofed, so many systems ignore them.
> Otherwise they risk having their connectivity being disconnected on whim.
> Also, many systems no longer send ICMP redirects because some people
> actually want to pass traffic through an intervening system! I don't know
> how FreeBSD ships these days, but I suggest that it should ship with
> ignore ICMP redirects as the default.
>

4.0-CURRENT has net.inet.icmp.log_redirect and net.inet.icmp.drop_redirect,
for respectively logging and dropping ICMP REDIRECT packets (`off' by default).

Both 4.0-CURRENT and 3.3-RELEASE have net.inet.ip.redirect which controls
sending of ICMP redirects in response to unforwardable IP packets (defaults
to on).

-- 
Ruslan Ermilov          Sysadmin and DBA of the
ru@ucb.crimea.ua        United Commercial Bank,
ru@FreeBSD.org          FreeBSD committer,
+380.652.247.647        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
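
An added example, not part of the original message or of FreeBSD: a small audit of the three sysctls named above, run against `sysctl` output. The function name `audit_redirects`, the output format and the "wanted" values (drop and log incoming redirects, send none) are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit the three redirect sysctls named in the message.
# stdin : sysctl output, one "name: value" per line
# stdout: "<state> <oid>=<wanted>" per knob; state is ok, weak or absent
#         (absent = the input has no such OID, e.g. a kernel without it)
# status: 1 if any knob is weak, else 0
# The wanted values are this example's assumption (a host that neither
# honours nor sends redirects), not FreeBSD's defaults.
audit_redirects() {
    awk -F': *' '
        BEGIN {
            n = split("net.inet.icmp.drop_redirect net.inet.icmp.log_redirect net.inet.ip.redirect", oid, " ")
            want[oid[1]] = "1"   # drop incoming ICMP REDIRECTs
            want[oid[2]] = "1"   # log them
            want[oid[3]] = "0"   # do not send redirects
        }
        { sub(/[ \t\r]+$/, "") }            # strip trailing whitespace
        ($1 in want) { seen[$1] = $2 "" }   # keep the value as a string
        END {
            for (i = 1; i <= n; i++) {
                o = oid[i]
                if (!(o in seen))            state = "absent"
                else if (seen[o] == want[o]) state = "ok"
                else                       { state = "weak"; bad = 1 }
                printf "%s %s=%s\n", state, o, want[o]
            }
            exit bad + 0
        }'
}

# Constructed sample: the defaults the message gives for 4.0-CURRENT.
audit_redirects <<'EOF' || echo "redirect handling is at permissive defaults"
net.inet.icmp.drop_redirect: 0
net.inet.icmp.log_redirect: 0
net.inet.ip.redirect: 1
EOF
```

On a FreeBSD host, pipe the output of `sysctl net.inet` into the function; an `absent` line means the input did not list that OID at all.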