| # 3.2.3 Ensure secure ICMP redirects are not accepted |
| # Secure ICMP redirects are the same as ICMP redirects, except they come from |
| # gateways listed on the default gateway list. It is assumed that these |
| # gateways are known to your system, and that they are likely to be secure. |
| # It is still possible for even known gateways to be compromised. Setting |
| # net.ipv4.conf.all.secure_redirects to 0 protects the system from routing |
| # table updates by possibly compromised known gateways. |
| # Run the following commands and verify output matches: |
| # # sysctl net.ipv4.conf.all.secure_redirects |
| # net.ipv4.conf.all.secure_redirects = 0 |
| # # sysctl net.ipv4.conf.default.secure_redirects |
| # net.ipv4.conf.default.secure_redirects = 0 |
| # Set the following parameters in the /etc/sysctl.conf file: |
| # net.ipv4.conf.all.secure_redirects = 0 |
| # net.ipv4.conf.default.secure_redirects = 0 |
| # Run the following commands to set the active kernel parameters: |
| # # sysctl -w net.ipv4.conf.all.secure_redirects=0 |
| # # sysctl -w net.ipv4.conf.default.secure_redirects=0 |
| # # sysctl -w net.ipv4.route.flush=1 |
| net.ipv4.conf.all.secure_redirects: 0 |
| net.ipv4.conf.default.secure_redirects: 0 |