I have always found that one needs to set both the "all" and the
"default" in order to guarantee the changes affect all interfaces
regardless of when those interfaces are created.  In the latest hardy
version, here are the options which only specify "all" and not "default"
and "all":

# Do not accept ICMP redirects (prevent MITM attacks)
#net/ipv4/conf/all/accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net/ipv4/conf/all/secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net/ipv4/conf/all/send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net/ipv4/conf/all/accept_source_route = 0
#
# Log Martian Packets
#net/ipv4/conf/all/log_martians = 1

My suggestions:
* these options should have both "all" and "default" specified
* clarify "we are not a router" - I have found that these settings can be 
turned on without issue on NAT "routers"
* it might be wise to select either "." or "/" as a separator and not use both

-- 
sysctl.conf, net.ipv4.conf.default.forwarding, race condition?
https://bugs.launchpad.net/bugs/84537
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
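
Added example (not part of the original message or of Ubuntu's tooling): a small checker for the first and third suggestions above. It flags per-interface settings given for only one of "all" and "default" and files that mix "." and "/" as key separators; going slightly beyond the message, it also flags pairs whose two values differ. The function names and the sample file are constructed for illustration.

```python
import re

# Matches per-interface keys once separators are normalized to ".".
CONF_RE = re.compile(r"^net\.(ipv[46])\.conf\.(.+)\.([^.]+)$")

# Constructed sample: the excerpt's settings, uncommented and partly paired.
SAMPLE = """\
net/ipv4/conf/all/accept_redirects = 0
net/ipv4/conf/all/send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 0
"""

def active_settings(text):
    """Yield (raw_key, value) for uncommented 'key = value' lines."""
    for line in text.splitlines():
        line = line.strip()
        # sysctl.conf treats lines starting with '#' or ';' as comments.
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        yield key.strip(), value.strip()

def audit(text):
    """Return (kind, detail) findings for the all/default and separator checks."""
    scopes = {}      # (family, setting) -> {"all": value, "default": value}
    styles = set()   # separator styles seen in active keys
    for raw_key, value in active_settings(text):
        styles.add("/" if "/" in raw_key else ".")
        m = CONF_RE.match(raw_key.replace("/", "."))
        if m and m.group(2) in ("all", "default"):
            scopes.setdefault((m.group(1), m.group(3)), {})[m.group(2)] = value
    findings = []
    for (family, setting), seen in sorted(scopes.items()):
        for scope in ("all", "default"):
            if scope not in seen:
                findings.append(("missing", f"net.{family}.conf.{scope}.{setting}"))
        if len(set(seen.values())) > 1:
            findings.append(("mismatch", f"net.{family}.conf.{{all,default}}.{setting}"))
    if len(styles) > 1:
        findings.append(("mixed-separators", sorted(styles)))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE):
        print(kind, detail)
```

Commented-out lines, such as the ones in the stock file quoted above, are ignored, so only settings that are actually applied get checked.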
