From owner-freebsd-isp Wed Mar 25 02:26:38 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id CAA14868 for freebsd-isp-outgoing; Wed, 25 Mar 1998 02:26:38 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from caladan.tdx.co.uk (caladan.tdx.co.uk [195.188.177.4]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA14863 for ; Wed, 25 Mar 1998 02:26:36 -0800 (PST) (envelope-from kpielorz@tdx.co.uk) Received: from tdx.co.uk (lorca-tx.tdx.co.uk [195.188.177.242]) by caladan.tdx.co.uk (8.8.7/8.8.7) with ESMTP id KAA22777 for ; Wed, 25 Mar 1998 10:26:37 GMT (envelope-from kpielorz@tdx.co.uk) Message-ID: <3518DBDD.79E76018@tdx.co.uk> Date: Wed, 25 Mar 1998 10:26:37 +0000 From: Karl Pielorz Organization: TDX X-Mailer: Mozilla 4.04 [en] (WinNT; I) MIME-Version: 1.0 To: isp@FreeBSD.ORG Subject: Kernel sysctl... Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org While looking through the sysctl's I found the one: net.inet.ip.redirect=1 Does this mean what I think it does? (i.e. that the kernel will honour icmp redirects?) - Our firewall drops all sourcerouted packets etc. - but is there anything wrong with setting this to '0' as well? (just to be sure)? I guess if I do this I'm going to have to make sure each box knows about the network (at the moment they actually do get ICMP redirects from our default router - telling them where the different bits of our subnetted network are... :-( Also: net.inet.ip.sourceroute=0 I presume means the kernel will also drop source-routed packets? (as well as our ipfw blocking them?) Is there any way of setting this in the Kernel at compile time (I've looked around in LINT to no avail... :-( Were running 2.2.5-R... Regards, Karl Pielorz To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message