also sprach Stephen Gran <sgran@debian.org> [2006.11.03.1227 +0100]: > > net.ipv4.conf.all.accept_redirects = 0 > > That looks like overkill, see below. Right, it may not be needed, but it's probably not overkill to disable a feature, is it? :) I do the above on all my machines. > No. icmp redirect is only honored when it redirects to another host in > your subnet. Unless you have a really large subnet, this looks like > nonsense. The kernel will ignore it if it redirects you outside of your > subnet. So is this what these messages are about, and would it look different if someone tried a valid redirect that would be ignored due to my configuration? Sorry, I currently only have one functional machine in my test network. :/ -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info `- Debian - when you have better things to do than fixing systems NP: Friends of Dean Martinez / Music from Time & Space (Volume 0)
Attachment:
signature.asc
Description: Digital signature (GPG/PGP)