author | des <des@FreeBSD.org> | 1999-08-10 09:45:33 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 1999-08-10 09:45:33 +0000 |
commit | 25571d959a24b27ad016d62787a175ec852d877c (patch) | |
tree | 5b8c4ddd11ff71d3883d1d43bcddeb294024ef33 /etc/rc.d | |
parent | 59930ac9dda05f451a71df527030658917e79da7 (diff) | |
download | FreeBSD-src-25571d959a24b27ad016d62787a175ec852d877c.zip FreeBSD-src-25571d959a24b27ad016d62787a175ec852d877c.tar.gz |
Add net.inet.icmp.log_redirect and net.inet.icmp.drop_redirect, for
respectively logging and dropping ICMP REDIRECT packets.
Note that there is no rate limiting on the log messages, so log_redirect
should be used with caution (preferably only for debugging purposes).
Diffstat (limited to 'etc/rc.d')
-rw-r--r-- | etc/rc.d/netoptions | 12 | ||||
-rw-r--r-- | etc/rc.d/network1 | 12 | ||||
-rw-r--r-- | etc/rc.d/network2 | 12 | ||||
-rw-r--r-- | etc/rc.d/network3 | 12 | ||||
-rw-r--r-- | etc/rc.d/routing | 12 |
5 files changed, 55 insertions, 5 deletions
diff --git a/etc/rc.d/netoptions b/etc/rc.d/netoptions
index 946e66c..ba40c16 100644
--- a/etc/rc.d/netoptions
+++ b/etc/rc.d/netoptions
@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-# $Id: rc.network,v 1.51 1999/07/26 10:49:31 brian Exp $
+# $Id: rc.network,v 1.52 1999/07/26 15:17:23 brian Exp $
 # From: @(#)netstart 5.9 (Berkeley) 3/30/91
 # Note that almost all the user-configurable behavior is no longer in
@@ -197,6 +197,16 @@ network_pass1() {
 echo -n ' broadcast ping responses=YES'
 sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
 fi
+
+ if [ "X$icmp_drop_redirect" = X"YES" ]; then
+ echo -n ' ignore ICMP redirect=YES'
+ sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
+ fi
+
+ if [ "X$icmp_log_redirect" = X"YES" ]; then
+ echo -n ' log ICMP redirect=YES'
+ sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
+ fi
 if [ "X$gateway_enable" = X"YES" ]; then
 echo -n ' IP gateway=YES'
diff --git a/etc/rc.d/network1 b/etc/rc.d/network1
index 946e66c..ba40c16 100644
--- a/etc/rc.d/network1
+++ b/etc/rc.d/network1
@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-# $Id: rc.network,v 1.51 1999/07/26 10:49:31 brian Exp $
+# $Id: rc.network,v 1.52 1999/07/26 15:17:23 brian Exp $
 # From: @(#)netstart 5.9 (Berkeley) 3/30/91
 # Note that almost all the user-configurable behavior is no longer in
@@ -197,6 +197,16 @@ network_pass1() {
 echo -n ' broadcast ping responses=YES'
 sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
 fi
+
+ if [ "X$icmp_drop_redirect" = X"YES" ]; then
+ echo -n ' ignore ICMP redirect=YES'
+ sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
+ fi
+
+ if [ "X$icmp_log_redirect" = X"YES" ]; then
+ echo -n ' log ICMP redirect=YES'
+ sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
+ fi
 if [ "X$gateway_enable" = X"YES" ]; then
 echo -n ' IP gateway=YES'
diff --git a/etc/rc.d/network2 b/etc/rc.d/network2
index 946e66c..ba40c16 100644
--- a/etc/rc.d/network2
+++ b/etc/rc.d/network2
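Review bot: In the `icmp_drop_redirect` block of the `@@ -197,6 +197,16 @@` hunk the banner ' ignore ICMP redirect=YES' is echoed before `sysctl -w` runs and the sysctl's exit status is never checked, so the boot output reports the hardening as active even when the write fails (presumably possible on a kernel that predates the new OID), leaving the host still accepting redirects. Consider applying first and reporting only on success: `sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null && echo -n ' ignore ICMP redirect=YES'`. The `icmp_log_redirect` block would also benefit from a comment carrying the commit message's caveat, e.g. `# log messages are not rate limited; enable for debugging only`, since someone editing the rc configuration will not see the commit log. The same applies to the identical hunks in network1, network2, network3 and routing; network_pass1 starts and ends outside the hunk.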
@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-# $Id: rc.network,v 1.51 1999/07/26 10:49:31 brian Exp $
+# $Id: rc.network,v 1.52 1999/07/26 15:17:23 brian Exp $
 # From: @(#)netstart 5.9 (Berkeley) 3/30/91
 # Note that almost all the user-configurable behavior is no longer in
@@ -197,6 +197,16 @@ network_pass1() {
 echo -n ' broadcast ping responses=YES'
 sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
 fi
+
+ if [ "X$icmp_drop_redirect" = X"YES" ]; then
+ echo -n ' ignore ICMP redirect=YES'
+ sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
+ fi
+
+ if [ "X$icmp_log_redirect" = X"YES" ]; then
+ echo -n ' log ICMP redirect=YES'
+ sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
+ fi
 if [ "X$gateway_enable" = X"YES" ]; then
 echo -n ' IP gateway=YES'
diff --git a/etc/rc.d/network3 b/etc/rc.d/network3
index 946e66c..ba40c16 100644
--- a/etc/rc.d/network3
+++ b/etc/rc.d/network3
@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-# $Id: rc.network,v 1.51 1999/07/26 10:49:31 brian Exp $
+# $Id: rc.network,v 1.52 1999/07/26 15:17:23 brian Exp $
 # From: @(#)netstart 5.9 (Berkeley) 3/30/91
 # Note that almost all the user-configurable behavior is no longer in
@@ -197,6 +197,16 @@ network_pass1() {
 echo -n ' broadcast ping responses=YES'
 sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
 fi
+
+ if [ "X$icmp_drop_redirect" = X"YES" ]; then
+ echo -n ' ignore ICMP redirect=YES'
+ sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
+ fi
+
+ if [ "X$icmp_log_redirect" = X"YES" ]; then
+ echo -n ' log ICMP redirect=YES'
+ sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
+ fi
 if [ "X$gateway_enable" = X"YES" ]; then
 echo -n ' IP gateway=YES'
diff --git a/etc/rc.d/routing b/etc/rc.d/routing
index 946e66c..ba40c16 100644
--- a/etc/rc.d/routing
+++ b/etc/rc.d/routing
@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-# $Id: rc.network,v 1.51 1999/07/26 10:49:31 brian Exp $
+# $Id: rc.network,v 1.52 1999/07/26 15:17:23 brian Exp $
 # From: @(#)netstart 5.9 (Berkeley) 3/30/91
 # Note that almost all the user-configurable behavior is no longer in
@@ -197,6 +197,16 @@ network_pass1() {
 echo -n ' broadcast ping responses=YES'
 sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
 fi
+
+ if [ "X$icmp_drop_redirect" = X"YES" ]; then
+ echo -n ' ignore ICMP redirect=YES'
+ sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
+ fi
+
+ if [ "X$icmp_log_redirect" = X"YES" ]; then
+ echo -n ' log ICMP redirect=YES'
+ sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
+ fi
 if [ "X$gateway_enable" = X"YES" ]; then
 echo -n ' IP gateway=YES' |