From 9f28b5ee1df3e8221007fce493a61f19f68fbc76 Mon Sep 17 00:00:00 2001
From: sthen <>
Date: Tue, 9 Jun 2009 11:52:54 +0000
Subject: [PATCH] By default, don't accept IPv4 ICMP redirects. This behaviour can be changed with a sysctl, so note it in sysctl.conf. v6 needs further testing following discussions on the tech mailing list; rainer@ points out possible interactions with neighbour discovery which need to be investigated first. "go ahead on the v4 part" deraadt@
---
 src/etc/sysctl.conf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/etc/sysctl.conf b/src/etc/sysctl.conf
index c51f24c7..3a9a5679 100644
--- a/src/etc/sysctl.conf
+++ b/src/etc/sysctl.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: sysctl.conf,v 1.46 2008/01/05 18:38:37 mbalmer Exp $
+# $OpenBSD: sysctl.conf,v 1.47 2009/06/09 11:52:54 sthen Exp $
 #
 # This file contains a list of sysctl options the user wants set at
 # boot time. See sysctl(3) and sysctl(8) for more information on
@@ -7,6 +7,8 @@
 #net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets
 #net.inet.ip.mforwarding=1 # 1=Permit forwarding (routing) of IPv4 multicast packets
 #net.inet.ip.multipath=1 # 1=Enable IP multipath routing
+#net.inet.icmp.rediraccept=1 # 1=Accept ICMP redirects
+#net.inet6.icmp6.rediraccept=0 # 0=Don't accept IPv6 ICMP redirects
 #net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of IPv6 packets
 #net.inet6.ip6.mforwarding=1 # 1=Permit forwarding (routing) of IPv6 multicast packets
 #net.inet6.ip6.multipath=1 # 1=Enable IPv6 multipath routing
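Review bot: In the second hunk the new `net.inet.icmp.rediraccept` entry is described as `1=Accept ICMP redirects` without naming the address family, while the line added directly below it and the neighbouring forwarding entries all say IPv4 or IPv6; `# 1=Accept IPv4 ICMP redirects` would match. The two commented values point in opposite directions (v4 shows how to turn acceptance on, v6 how to turn it off), which implies IPv6 redirects are still accepted by default, as the commit message suggests while the neighbour-discovery question is open. A reader skimming the file can easily miss that asymmetry, so a short comment above the pair would help, for example `# IPv4 redirects are ignored by default; IPv6 redirects are still accepted`. It matters because a host that accepts redirects lets an on-link sender change its route to a destination, and admins hardening a host need to know the v6 line is the one to uncomment.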