We don’t want ICMP redirects in our network.
So we have to disable it in sysctl.conf and role-specific files, like
- rc.conf
- rb.conf
- lb.conf
- nas.conf
net.ipv4.conf.default.accept_redirects = 0 net.ipv4.conf.default.secure_redirects = 0 net.ipv4.conf.default.send_redirects = 0 net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.all.secure_redirects = 0 net.ipv4.conf.all.send_redirects = 0
Steps:
- install new sysctl config files
- update current values
for f in $(find /proc/sys/net/ipv4/conf/*/ -name 'send_redirects'); do echo 0 > "${f}"; done
Also we have to review it on bgw*o and bgw*.sgo