
How to Disable ICMP Redirects in Linux

ICMP redirect messages are one of the lowest-level routing mechanisms, used for simple redirects. A router sends them to a host to tell it about a more efficient way to reach a destination than routing the traffic through that router. A host accepts this message and stores the "hint" in a temporary table. It then sends the next packet directly to the host given by the ICMP redirect.

However, the Linux kernel doesn't listen to ICMP redirects when it is configured as a router rather than as a host. So be careful when setting up routing tables for routers: they have to be complete. No hints from other hosts will be accepted, and only the local routing table decides where packets go.

Disable ICMP Redirects:
In most Linux flavors (Debian, Ubuntu, Red Hat Enterprise Linux, openSUSE), ICMP redirects can be dynamically disabled on the host by adding the proper entries to the /etc/sysctl.conf configuration file. Simply edit the /etc/sysctl.conf file and add the following entries:

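For IPv4
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
For IPv6
net.ipv6.conf.all.accept_redirects = 0

A value of 0 disables the feature; 1 enables it. The kernel has no net.ipv6.conf.all.send_redirects key, so only accept_redirects is set for IPv6.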
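
As an added example (not from the original post): a shell function that reports the effective IPv4 redirect policy of each interface, because the kernel combines the "all" value with the per-interface value rather than letting "all" override it. The function name redirect_audit and its optional root-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the *effective* IPv4 ICMP redirect policy per interface.
# Combination rules, as described in the kernel's ip-sysctl documentation:
#   accept_redirects: interface forwarding on  -> all AND interface
#                     interface forwarding off -> all OR  interface
#   send_redirects:   all OR interface
# redirect_audit is a hypothetical helper name. Its optional first argument
# replaces /proc/sys so the function can be run against a constructed tree.

redirect_audit() {
    root="${1:-/proc/sys}/net/ipv4/conf"
    all_acc=$(cat "$root/all/accept_redirects")
    all_snd=$(cat "$root/all/send_redirects")
    rc=0
    for dir in "$root"/*/; do
        ifc=$(basename "$dir")
        # "all" and "default" are templates, not real interfaces.
        case "$ifc" in all|default) continue ;; esac
        acc=$(cat "$dir/accept_redirects")
        snd=$(cat "$dir/send_redirects")
        fwd=$(cat "$dir/forwarding")
        if [ "$fwd" -eq 1 ]; then
            eff_acc=$(( all_acc && acc ))   # router: both must be on
        else
            eff_acc=$(( all_acc || acc ))   # host: either one is enough
        fi
        eff_snd=$(( all_snd || snd ))
        echo "$ifc accept=$eff_acc send=$eff_snd"
        # Any interface that still accepts or sends redirects fails the audit.
        if [ "$eff_acc" -ne 0 ] || [ "$eff_snd" -ne 0 ]; then
            rc=1
        fi
    done
    return $rc
}
```

The function returns non-zero if any interface still accepts or sends redirects. On a host (forwarding off) that happens when only the "all" keys are set to 0, in which case the net.ipv4.conf.default and per-interface keys need to be set to 0 as well.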

