Hi,

2012/2/21 Simon Deziel <simon.dez...@gmail.com>:
>> Is this line really necessary??
>>> +            echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
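Review bot: the added `echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects` changes the host-wide `all` key, yet carries no comment saying why it is needed, and nothing in this line records the previous value. Put the reason in a comment next to the line, and save the old value so it can be written back when the service stops.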
>
> Yes that is required, even if that sounds odd to me too.

I usually disable all redirects on all Linux hosts.
| # Do not accept ICMP redirects (prevent MITM attacks)
| net.ipv4.conf.all.accept_redirects = 0
| # Do not send ICMP redirects (we are not a router)
| net.ipv4.conf.all.send_redirects = 0

This is a grave bug to enable all ICMP redirects unconditionally. I
would probably understand the need to be enabled *only* on tun/tap
devices managed by OpenVPN but for a good technical reason. Care to
explain more?

Thanks
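As an added example, not part of the original message or of the patch under discussion: a shell check that reports the effective redirect state per interface, using the combination rule given in the kernel's ip-sysctl documentation (`all` and the per-interface key are OR-ed for send_redirects). The function names and the sample directory tree are constructed for illustration.

```sh
#!/bin/sh
# Effective ICMP redirect state per interface (added example).
# Rule from the kernel's ip-sysctl documentation:
#   send_redirects:   on if conf/all OR conf/<if> is non-zero
#   accept_redirects: OR when forwarding is off for <if>, AND when it is on

rd() { cat "$1" 2>/dev/null || echo 0; }    # a missing key reads as 0

# effective_redirects CONF_DIR  ->  one line per interface:
#   "<if> send=<0|1> accept=<0|1>"
# On a live host CONF_DIR is /proc/sys/net/ipv4/conf.
effective_redirects() {
    conf=$1
    all_send=$(rd "$conf/all/send_redirects")
    all_acc=$(rd "$conf/all/accept_redirects")
    for d in "$conf"/*/; do
        ifc=$(basename "$d")
        case $ifc in all|default) continue ;; esac
        s=$(rd "$d/send_redirects")
        a=$(rd "$d/accept_redirects")
        f=$(rd "$d/forwarding")
        send=0; acc=0
        if [ "$all_send" != 0 ] || [ "$s" != 0 ]; then send=1; fi
        if [ "$f" != 0 ]; then
            if [ "$all_acc" != 0 ] && [ "$a" != 0 ]; then acc=1; fi
        elif [ "$all_acc" != 0 ] || [ "$a" != 0 ]; then
            acc=1
        fi
        echo "$ifc send=$send accept=$acc"
    done
}

# Constructed sample tree (not real host state): "all" is 0 as in the
# sysctl lines quoted above, eth0 still carries 1, tun0 forwards packets.
make_sample() {
    t=$(mktemp -d)
    mkdir -p "$t/all" "$t/default" "$t/eth0" "$t/tun0"
    echo 0 > "$t/all/send_redirects";  echo 0 > "$t/all/accept_redirects"
    echo 1 > "$t/eth0/send_redirects"; echo 1 > "$t/eth0/accept_redirects"
    echo 0 > "$t/eth0/forwarding"
    echo 0 > "$t/tun0/send_redirects"; echo 1 > "$t/tun0/accept_redirects"
    echo 1 > "$t/tun0/forwarding"
    echo "$t"
}

sample=$(make_sample)
effective_redirects "$sample"
rm -rf "$sample"
```

In the sample, eth0 still reports send=1 and accept=1 although `all` is 0, because its own keys are 1 and forwarding is off.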


