However, the Linux kernel does not act on ICMP redirects when it is configured as a router rather than as a host. So be careful when setting up routing tables for routers: they have to be complete. No hints from other hosts will be accepted, and only the local routing table decides where packets go.
Disable ICMP Redirects:
On most Linux distributions (Debian, Ubuntu, Red Hat Enterprise Linux, openSUSE), ICMP redirects can be disabled on the host by adding the proper entries to the /etc/sysctl.conf configuration file. Simply edit /etc/sysctl.conf and add the following entries:
For IPv4
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
For IPv6
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.all.send_redirects = 0
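A quick way to confirm that a sysctl.conf really turns redirects off is to parse it and flag every accept_redirects or send_redirects key whose final value is not 0. The script below is an added example, not part of the original post; the function names and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Reads sysctl.conf-style text on
# stdin and reports ICMP redirect keys whose effective value is not 0.

# Constructed sample input (not taken from a real host).
sample_conf() {
    cat <<'EOF'
# constructed sample
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
-net.ipv6.conf.all.accept_redirects=1
EOF
}

# Prints "key=value" for each offending key; exit status 1 if any, else 0.
audit_redirects() {
    awk '
        /^[ \t]*[#;]/ { next }                 # comment lines
        {
            n = index($0, "=")
            if (n == 0) next                   # not an assignment
            key = substr($0, 1, n - 1); val = substr($0, n + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            sub(/^-/, "", key)                 # "-key" means ignore set errors
            if (key !~ /^net\.ipv[46]\.conf\..+\.(accept|send)_redirects$/) next
            if (!(key in last)) order[++count] = key
            last[key] = val                    # later lines override earlier ones
        }
        END {
            bad = 0
            for (i = 1; i <= count; i++)
                if (last[order[i]] != "0") { print order[i] "=" last[order[i]]; bad = 1 }
            exit bad
        }
    '
}

sample_conf | audit_redirects || echo "redirects are not fully disabled"
```

To check a real host, run audit_redirects < /etc/sysctl.conf after sourcing the function.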
2 comments:
Holding a special place, some say, within the IP layer is ICMP. You're probably familiar with ICMP when you use the ping command because ping uses ICMP. ICMP, or Internet Control Message Protocol, has several uses, including being the underlying protocol for the ping command. There are 15 functions within ICMP each denoted by a type code. For instance, the type for an ICMP Echo Request (think: ping) is 8; the reply to that request, aptly titled an Echo Reply, is type 0. Within the different types there can also exist codes to specify the condition for the given type. The types and codes for ICMP messages are shown.
Recently I just came across a good article on "IPV6 - The ICMP Overview"
Here is its link.
I realise I'm two years too late on this, but this will do the complete opposite of what you say it will.
You want:
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
As in, "don't accept/send redirects".