Discarding inbound ICMP REDIRECT by default

From: Ed Maste <emaste_at_freebsd.org>
Date: Tue, 07 May 2024 18:12:11 UTC
I propose that we start dropping inbound ICMP REDIRECTs by default, by
setting the net.inet.icmp.drop_redirect sysctl to 1 by default (and
changing the associated rc.conf machinery). I've opened a Phabricator
review at https://reviews.freebsd.org/D45102.

ICMP REDIRECTs served a useful purpose in earlier networks, but on
balance are more likely to represent a security issue today than to
provide a routing benefit. With the change in review it is of course
still possible to enable them if desired for a given installation.
This change would appear in FreeBSD 15.0 and would not be MFC'd.

One question raised in the review is about switching the default to
YES but keeping the special handling for "auto" (dropping ICMP
REDIRECT if a routing daemon is in use, honouring them if not). I
don't think this is particularly valuable given that auto was
introduced to override the default NO when necessary; there's no need
for it with the default being YES. That functionality could be
maintained if there is a compelling use case, though.

If you have any questions or feedback please follow up here or in the review.