Re: Discarding inbound ICMP REDIRECT by default

In reply to: Rodney W. Grimes: "Re: Discarding inbound ICMP REDIRECT by default"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Ed Maste <emaste_at_freebsd.org>
Date: Fri, 14 Jun 2024 12:49:27 UTC

> > > Discarding ICMP redirects on a internet host is non-conformant with
> > > STD-3 via rfc-1122.  Processing of ICMP rediects is a MUST for hosts.
> >
> > In that case our default of "auto" is non-conformant if you have a
> > routing daemon.
>
> NO, because then your not subject to rfc-1122 as your now a router,
> not a host.

I would argue that having IP forwarding enabled (i.e.
net.inet.ip.forwarding for IPv4) is what establishes FreeBSD as a
router, and ICMP REDIRECT messages are already dropped in kernel in
that case.