>> >RFC1122 does indeed require that a system is a host by default and routing
>> >must be switched on. In 2.1.x this problem goes away (it's a sysctl), in
>> >2.0.x a vendor could always ship a separate kernel
>> >
>>
>> So then would an appropriate solution also be to ship with forwarding on (in the
>> kernel) but the forwarding policy set to 'reject.' This would require an
>> enabling command then.
>
>The kernel then ignores ICMP redirect messages as it's a router with firewalls
>not a host.
>
hmm, then perhaps two different kernels would be a good idea. I wonder how hard
it would be to beat Erik into doing this. :)
-- Bryan C. Andregg * <bandregg@redhat.com> * Red Hat Software
"Donnie were much more 'user-friendly'. May be you selective about friends:-)" -- Levente Farkas
"Hey, wait a minute, you clowns are on dope!" -- Owen Cheese in 'Shakes the Clown'