author: hagbard <vyosdev@derith.de> 2019-01-08 14:26:16 -0800
committer: hagbard <vyosdev@derith.de> 2019-01-08 14:26:16 -0800
commit: 4f7117243a0dfb78c5af8c82a445d41186726aeb
tree: dc641afb9c2cbdd3b337dcb0c42553ec31939269 /data
parent: f8f6c5d391017796242bb9feb010ba980e280c58
T1135: "firewall send-redirects enable" works only after switching from disabled state on running system
- set default to disable too due to the fact that set firewall did expect that at one point. Primarily, IPSec could leak data once a tunnel is established.
Diffstat (limited to 'data')
-rwxr-xr-x data/live-build-config/hooks/live/08-sysconf.chroot | 2
1 files changed, 2 insertions, 0 deletions
diff --git a/data/live-build-config/hooks/live/08-sysconf.chroot b/data/live-build-config/hooks/live/08-sysconf.chroot
index b7b2f831..d403d04b 100755
--- a/data/live-build-config/hooks/live/08-sysconf.chroot
+++ b/data/live-build-config/hooks/live/08-sysconf.chroot
@@ -40,6 +40,8 @@ update_sysctl_conf net.core.rmem_max 223232 \
"maximize netlink buffers"
update_sysctl_conf net.ipv4.conf.all.send_redirects 0 \
"disable IPv4 ICMP redirects"
+update_sysctl_conf net.ipv4.conf.default.send_redirects 0 \
+ "disable IPv4 ICMP redirects"
# Local Variables:
# mode: shell-script
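Review bot: The added `net.ipv4.conf.default.send_redirects 0` entry reuses the description "disable IPv4 ICMP redirects" verbatim from the `net.ipv4.conf.all.send_redirects` line directly above it, so the two settings cannot be told apart in the generated sysctl configuration and the reason for the second one is lost. Suggest a distinct description, for example "disable IPv4 ICMP redirects on newly created interfaces", and a short comment in the hook explaining why both keys are needed: the kernel sends redirects on an interface if either `conf/all` or that interface's own `send_redirects` is set, and an interface takes its own value from `conf/default` when it is created, so `all = 0` alone leaves redirects enabled. Because `default` only seeds interfaces created after it is written, it is also worth confirming that interfaces already present when this sysctl file is applied at boot end up at 0, since the commit message names IPSec data leakage as the concern.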