icmp redirects on one-armed linux routers

From: dwhite
Date: Fri Jun 03 2005 - 13:13:52 EST



Just wondering, is there any reason why the patch mentioned in the following post has not been implemented (as of kernel 2.6.11.11 it is not)? Is it a matter of testing? Is there a better alternative to solve the problem described in the thread?

http://oss.sgi.com/projects/netdev/archive/2004-07/msg00512.html

The current behavior (unchanged from that described in the post above) can be problematic, for example when I want to do stateful firewalling on my linux router. I've been applying the patch therein to recent kernels and it seems to be doing the right thing (sends redirects only when the redirect target is on the same subnet as the sending host).

Any thoughts?
TIA

-dave (IANAP)
ps. please cc me directly in your response :)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/