
I have several Debian Squeeze (6.0.6, up to date) machines used as routers.
When a link is down, they send ICMP redirects to local hosts. This is the default behaviour of Debian and several others. So once the link comes back to life, the hosts can't reach it until reboot.

I don't want any ICMP redirect to be sent from those routers.

I tested echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects and sysctl -w net.ipv4.conf.all.send_redirects=0 and putting net.ipv4.conf.all.send_redirects=0 into /etc/sysctl.d/local.conf.
Each of those solutions puts the right value into /proc/sys/net/ipv4/conf/all/send_redirects.

But...
the kernel keeps sending ICMP redirects, even after a reboot:

$ tcpdump -n -i eth0
00:56:17.186995 IP 192.168.0.254 > 192.168.0.100: ICMP redirect 10.10.13.102 to host 192.168.0.1, length 68

And the routing tables of local hosts (Windows computers) are polluted.

I can prevent this with netfilter:
iptables -t mangle -A POSTROUTING -p icmp --icmp-type redirect -j DROP

Any idea why the usual method doesn't work?
And how can I prevent ICMP redirects from being sent, without using netfilter?

1 Answer


The right command is: echo 0 | tee /proc/sys/net/ipv4/conf/*/send_redirects
Because you must have 0 on 'all' and on 'interface_name' to disable it.

In /etc/sysctl.conf or a similar file, you have to set 'all' + 'default' (or 'all' + 'interface', but the interface may not exist yet when this file is processed).

  • What's the point of the "all" directory then? I had the vague impression it would overwrite the values of all other entries? Commented Jun 12, 2015 at 13:07
  • @Elrond, all doesn't overwrite, it does bitwise operations. See this answer about all vs. default. send_redirects is an OR parameter, so setting all.send_redirects to 0 will be trumped by the interface's setting. Commented Feb 7, 2018 at 16:46
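
An added example, not part of the original answer or comments: a POSIX shell check that applies the OR rule described above and reports the effective send_redirects state for each interface, plus the 'default' template. The function names audit_send_redirects and demo_tree, the CONF_ROOT parameter and the constructed tree (all=0, eth0=1, as in the question) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). The kernel ORs conf/all with
# conf/<iface> for send_redirects, so both must be 0 to silence an interface.

# audit_send_redirects [CONF_ROOT]
# Prints one line per interface; returns 1 if redirects can still be sent,
# 2 if CONF_ROOT is unreadable. CONF_ROOT exists so a test tree can be used.
audit_send_redirects() {
    root=${1:-/proc/sys/net/ipv4/conf}
    [ -r "$root/all/send_redirects" ] || { echo "cannot read $root/all" >&2; return 2; }
    all=$(cat "$root/all/send_redirects")
    rc=0
    for dir in "$root"/*; do
        [ -r "$dir/send_redirects" ] || continue
        name=${dir##*/}
        val=$(cat "$dir/send_redirects")
        case $name in
            all) continue ;;
            default)
                # Template copied into interfaces that are created later.
                if [ "$val" -ne 0 ]; then
                    echo "default=$val: interfaces created later will send redirects"
                    rc=1
                fi ;;
            *)
                if [ "$all" -ne 0 ] || [ "$val" -ne 0 ]; then eff=1; rc=1; else eff=0; fi
                echo "$name: all=$all iface=$val effective=$eff" ;;
        esac
    done
    return "$rc"
}

# Constructed tree reproducing the question: 'all' is 0 but eth0 is still 1.
demo_tree() {
    t=$(mktemp -d)
    for i in all default eth0 eth1; do mkdir "$t/$i"; done
    echo 0 > "$t/all/send_redirects"
    echo 1 > "$t/default/send_redirects"
    echo 1 > "$t/eth0/send_redirects"
    echo 0 > "$t/eth1/send_redirects"
    echo "$t"
}

tree=$(demo_tree)
audit_send_redirects "$tree" || echo "redirects still enabled somewhere"
rm -rf "$tree"
```

On a router, calling audit_send_redirects with no argument reads the live /proc/sys/net/ipv4/conf tree; a non-zero exit status makes it usable as a post-boot check.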
