2012/2/21 Simon Deziel <[email protected]>:
> The proposed changes are about _disabling_ ICMP redirects for tun-based
> VPNs. Generally disabling send_redirects is something that should be
> handled at the distro level IMO.

Right, your proposal is to disable them. Even so, why
net.ipv4.conf.all.send_redirects and not specific tun/tap devices?
Indeed, all net devices have send_redirects=1 by default.

> FWIW, on Ubuntu, net.ipv4.conf.all.accept_redirects = 0 by default;
> don't know on Debian though.

On Debian this entry is commented out in /etc/sysctl.conf. Anyone can
remove the # to disable it, but it seems this doesn't have any effect if
it is enabled on specific net devices (i.e. I get ICMP redirects from
the ovpn tap device). Could this be a bug in the kernel?

Thanks
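
An added example, not part of the original message: the kernel's ip-sysctl documentation states that send_redirects is enabled on an interface if at least one of conf/all/send_redirects or conf/<interface>/send_redirects is set, so clearing only the "all" entry leaves a tap device with send_redirects=1 still sending redirects. The script below audits that effective value per interface; the function names and the sample tree (eth0, tap0) are constructed for illustration.

```shell
#!/bin/sh
# Effective send_redirects = conf/all OR conf/<iface> (Linux ip-sysctl docs).

# effective_send_redirects ALL IFACE: prints 1 if either value is non-zero.
effective_send_redirects() {
    if [ "$1" != "0" ] || [ "$2" != "0" ]; then echo 1; else echo 0; fi
}

# audit_send_redirects [CONF_ROOT]
# Prints one line per interface; returns 1 if any interface still sends
# redirects, 0 if none do, 2 if the tree cannot be read.
audit_send_redirects() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    all=$(cat "$root/all/send_redirects") || return 2
    rc=0
    for dir in "$root"/*/; do
        name=$(basename "$dir")
        # "all" is the OR operand; "default" only seeds new interfaces.
        case "$name" in all|default) continue ;; esac
        val=$(cat "$dir/send_redirects") || return 2
        eff=$(effective_send_redirects "$all" "$val")
        echo "$name all=$all iface=$val effective=$eff"
        if [ "$eff" = "1" ]; then rc=1; fi
    done
    return $rc
}

# make_sample_tree DIR: constructed sample mirroring the situation in the
# thread ("all" cleared, tap device left at the default of 1).
make_sample_tree() {
    for i in all default eth0 tap0; do mkdir -p "$1/$i"; done
    echo 0 > "$1/all/send_redirects"
    echo 1 > "$1/default/send_redirects"
    echo 0 > "$1/eth0/send_redirects"
    echo 1 > "$1/tap0/send_redirects"
}

# Demo on the constructed tree (does not touch the live system).
demo=$(mktemp -d)
make_sample_tree "$demo"
audit_send_redirects "$demo" || echo "redirects still sent on at least one interface"
rm -rf "$demo"
```

Calling `audit_send_redirects` with no argument reads the live /proc/sys/net/ipv4/conf tree instead of the sample.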


