[PATCH] Documentation: ip-sysctl.txt: clarify secure_redirects

Eric Garver Thu, 26 May 2016 09:29:35 -0700

Clarify how secure_redirects works. Mention that RFC1122 always applies.

Signed-off-by: Eric Garver <e...@erig.me>
---
 Documentation/networking/ip-sysctl.txt | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)


diff --git a/Documentation/networking/ip-sysctl.txt 
b/Documentation/networking/ip-sysctl.txt
index 6c7f365b1515..9ae929395b24 100644
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -1036,15 +1036,17 @@ proxy_arp_pvlan - BOOLEAN
 
 shared_media - BOOLEAN
        Send(router) or accept(host) RFC1620 shared media redirects.
-       Overrides ip_secure_redirects.
+       Overrides secure_redirects.
        shared_media for the interface will be enabled if at least one of
        conf/{all,interface}/shared_media is set to TRUE,
        it will be disabled otherwise
        default TRUE
 
 secure_redirects - BOOLEAN
-       Accept ICMP redirect messages only for gateways,
-       listed in default gateway list.
+       Accept ICMP redirect messages only to gateways listed in the
+       interface's current gateway list. Even if disabled, RFC1122 redirect
+       rules still apply.
+       Overridden by shared_media.
        secure_redirects for the interface will be enabled if at least one of
        conf/{all,interface}/secure_redirects is set to TRUE,
        it will be disabled otherwise
-- 
2.5.5

[PATCH] Documentation: ip-sysctl.txt: clarify secure_redirects

Reply via email to