From 4bbd9b72365258a5952005133c2684bd2719459c Mon Sep 17 00:00:00 2001 From: florian <> Date: Wed, 27 Aug 2014 14:04:15 +0000 Subject: [PATCH] Nuke net.inet6.icmp6.rediraccept and allow redirects on interfaces with autoconf enabled. If one is doing SLAAC one does already trust link local icmp6 so the policy for icmp6 redirects should be the same. pointed out by & OK bluhm@; OK henning@ --- src/etc/examples/sysctl.conf | 3 +-- src/etc/rc.conf | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/src/etc/examples/sysctl.conf b/src/etc/examples/sysctl.conf index b01a20ce..581de99b 100644 --- a/src/etc/examples/sysctl.conf +++ b/src/etc/examples/sysctl.conf @@ -1,4 +1,4 @@ -# $OpenBSD: sysctl.conf,v 1.2 2014/08/20 11:23:41 mikeb Exp $ +# $OpenBSD: sysctl.conf,v 1.3 2014/08/27 14:04:15 florian Exp $ # # This file contains a list of sysctl options the user wants set at # boot time. See sysctl(3) and sysctl(8) for more information on @@ -8,7 +8,6 @@ #net.inet.ip.mforwarding=1 # 1=Permit forwarding (routing) of IPv4 multicast packets #net.inet.ip.multipath=1 # 1=Enable IP multipath routing #net.inet.icmp.rediraccept=1 # 1=Accept ICMP redirects -#net.inet6.icmp6.rediraccept=1 # 1=Accept IPv6 ICMP redirects (for hosts) #net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of IPv6 packets #net.inet6.ip6.mforwarding=1 # 1=Permit forwarding (routing) of IPv6 multicast packets #net.inet6.ip6.multipath=1 # 1=Enable IPv6 multipath routing diff --git a/src/etc/rc.conf b/src/etc/rc.conf index 8a3806da..c4af1a86 100644 --- a/src/etc/rc.conf +++ b/src/etc/rc.conf @@ -1,4 +1,4 @@ -# $OpenBSD: rc.conf,v 1.197 2014/08/26 19:33:48 robert Exp $ +# $OpenBSD: rc.conf,v 1.198 2014/08/27 14:04:15 florian Exp $ # DO NOT EDIT THIS FILE!! # @@ -40,7 +40,6 @@ route6d_flags=NO # for normal use: "" # be sure to set net.inet6.ip6.forwarding=1 rtsold_flags=NO # for normal use: interface # be sure to set net.inet6.ip6.forwarding=0 - # be sure to set net.inet6.icmp6.rediraccept=1 lpd_flags=NO # for normal use: "" (or "-l" for debugging) sensorsd_flags=NO # for normal use: "" hotplugd_flags=NO # for normal use: ""