diff options
| author | hagbard <vyosdev@derith.de> | 2019-01-08 13:24:48 -0800 |
|---|---|---|
| committer | hagbard <vyosdev@derith.de> | 2019-01-08 13:24:48 -0800 |
| commit | 394bee00f7473c3d397b3d47930999fd9f1f93d1 (patch) | |
| tree | 24b428c236f05982a7a89e287000ba4f97a722da | |
| parent | 88c8b3440bd4e4a31ca86cd5d6e8d23bbc0684e7 (diff) | |
| download | vyos-build-394bee00f7473c3d397b3d47930999fd9f1f93d1.tar.gz vyos-build-394bee00f7473c3d397b3d47930999fd9f1f93d1.zip | |
T1135: "firewall send-redirects enable" works only after switching from disabled state on running system
- disable send-redirects per default
| -rwxr-xr-x | data/live-build-config/hooks/live/08-sysconf.chroot | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/data/live-build-config/hooks/live/08-sysconf.chroot b/data/live-build-config/hooks/live/08-sysconf.chroot index 8d1616c0..f6607410 100755 --- a/data/live-build-config/hooks/live/08-sysconf.chroot +++ b/data/live-build-config/hooks/live/08-sysconf.chroot @@ -38,6 +38,8 @@ update_sysctl_conf net.ipv4.ip_forward 1 \ # "enable ipv6 forwarding" update_sysctl_conf net.core.rmem_max 223232 \ "maximize netlink buffers" +update_sysctl_conf net.ipv4.conf.all.send_redirects 0 + "disable IPv4 ICMP redirects" # Local Variables: # mode: shell-script |