net.ipv6.conf.all.send_redirects
Xavier Beaudouin
kiwi at oav.net
Sun Jan 3 23:53:54 CET 2010
Hi there,
Le 3 janv. 2010 à 23:24, George Bonser a écrit :
>> -----Original Message-----
>> From: ipv6-ops-bounces+gbonser=seven.com at lists.cluenet.de [mailto:ipv6-
>> ops-bounces+gbonser=seven.com at lists.cluenet.de] On Behalf Of Bit Gossip
>> Sent: Sunday, January 03, 2010 1:18 PM
>> To: ipv6-ops at lists.cluenet.de
>> Subject: net.ipv6.conf.all.send_redirects
>>
>> Experts,
>> in IPv4 it was possible to disable sending ICMP redirect as simple as:
>>
>> # sysctl -w net.ipv4.conf.all.send_redirects=0
>> net.ipv4.conf.all.send_redirects = 0
>>
>> Unfortunately the same key seems to have disappeared in IPv6:
>>
>> # sysctl -w net.ipv6.conf.all.send_redirects=0
>> error: "net.ipv6.conf.all.send_redirects" is an unknown key
>>
>> Any idea how to disable sending ICMP redirect?
>> Thanks!
>
>
> It is my understanding that redirects are sent only if the unit is a router and the protocol spec says that if a unit is a router than it MUST support the sending of redirects ( RFC4294 §4.2 )
>
> So if you turn off redirects on an IPv6 router, you have broken IPv6. In other words, in IPv6, redirects are not optional in sending according to the RFC.
On my OpenBSD routers I have :
net.inet6.icmp6.rediraccept=1
But as says George, it is better to leave this on...
/Xavier
More information about the ipv6-ops
mailing list