From 4f7117243a0dfb78c5af8c82a445d41186726aeb Mon Sep 17 00:00:00 2001
From: hagbard <vyosdev@derith.de>
Date: Tue, 8 Jan 2019 14:26:16 -0800
Subject: T1135: "firewall send-redirects enable" works only after switching
 from disabled state on running system   - set default to disable too due to
 the fact that set firewall did expect that at one point. Primarily, IPSec
 could leak     data once a tunnel is established.

---
 data/live-build-config/hooks/live/08-sysconf.chroot | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'data/live-build-config/hooks/live/08-sysconf.chroot')

diff --git a/data/live-build-config/hooks/live/08-sysconf.chroot b/data/live-build-config/hooks/live/08-sysconf.chroot
index b7b2f831..d403d04b 100755
--- a/data/live-build-config/hooks/live/08-sysconf.chroot
+++ b/data/live-build-config/hooks/live/08-sysconf.chroot
@@ -40,6 +40,8 @@ update_sysctl_conf net.core.rmem_max 223232 \
     "maximize netlink buffers"
 update_sysctl_conf net.ipv4.conf.all.send_redirects 0 \
     "disable IPv4 ICMP redirects"
+update_sysctl_conf net.ipv4.conf.default.send_redirects 0 \
+    "disable IPv4 ICMP redirects"
 
 # Local Variables:
 # mode: shell-script
-- 
cgit v1.2.3