From 394bee00f7473c3d397b3d47930999fd9f1f93d1 Mon Sep 17 00:00:00 2001
From: hagbard <vyosdev@derith.de>
Date: Tue, 8 Jan 2019 13:24:48 -0800
Subject: T1135: "firewall send-redirects enable" works only after switching
 from disabled state on running system 	- disable send-redirects per default

---
 data/live-build-config/hooks/live/08-sysconf.chroot | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'data')

diff --git a/data/live-build-config/hooks/live/08-sysconf.chroot b/data/live-build-config/hooks/live/08-sysconf.chroot
index 8d1616c0..f6607410 100755
--- a/data/live-build-config/hooks/live/08-sysconf.chroot
+++ b/data/live-build-config/hooks/live/08-sysconf.chroot
@@ -38,6 +38,8 @@ update_sysctl_conf net.ipv4.ip_forward 1 \
 #    "enable ipv6 forwarding"
 update_sysctl_conf net.core.rmem_max 223232 \
     "maximize netlink buffers"
+update_sysctl_conf net.ipv4.conf.all.send_redirects 0
+    "disable IPv4 ICMP redirects"
 
 # Local Variables:
 # mode: shell-script
-- 
cgit v1.2.3