I know WE don't generate non local icmp redirects but I notice that we would forward them should someone else (malicious or not) generate them.. I think that we possibly should check for them in our forwarding code.. (of course you can stop them with the firewall but..) thoughts?