Re: Discarding inbound ICMP REDIRECT by default
- Reply: Chris : "Re: Discarding inbound ICMP REDIRECT by default"
- In reply to: Chris : "Re: Discarding inbound ICMP REDIRECT by default"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 14 Jun 2024 12:50:09 UTC
On Wed, 12 Jun 2024 at 18:05, Chris <bsd-lists@bsdforge.com> wrote: > > As Rodeney already effectively explains; dropping packets makes routing, > and discovery exceedingly difficult. Which is NOT what the average user > wants, This is on end hosts only, not routers (which already drop ICMP REDIRECT). > or expects. I use "set block-policy drop" in pf(4). But as already noted, > this is for "filtering" purposes. Your suggestion also has the negative > affect > of hanging remote ports. Which can result in other negative results by peers. I don't follow -- how does a host not processing ICMP REDIRECT cause these effects?