init.rc: disable ICMP redirects Bug: 18604139 Change-Id: I4bf22d0029f8b03b0ef4329b7b8632d8e116c8e1 Signed-off-by: Greg Hackmann <ghackmann@google.com>

commit: f3fd1226e05c806dd4ad4552abf56bcac12efe5e [log] [tgz]
author: Greg Hackmann <ghackmann@google.com> Wed Dec 03 09:57:00 2014 -0800
committer: Greg Hackmann <ghackmann@google.com> Wed Dec 10 09:38:14 2014 -0800
tree: e6657689c1b9b450142a6054f7a04583aeeb082b
parent: f84c6a1fcd9b142b84af20ca2c6591de180ffe33 [diff] [blame]
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 9f444c1..c0efeb1 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc

@@ -114,6 +114,10 @@
     # set fwmark on accepted sockets
     write /proc/sys/net/ipv4/tcp_fwmark_accept 1
 
+    # disable icmp redirects
+    write /proc/sys/net/ipv4/conf/all/accept_redirects 0
+    write /proc/sys/net/ipv6/conf/all/accept_redirects 0
+
     # Create cgroup mount points for process groups
     mkdir /dev/cpuctl
     mount cgroup none /dev/cpuctl cpu
commit	f3fd1226e05c806dd4ad4552abf56bcac12efe5e	[log] [tgz]
author	Greg Hackmann <ghackmann@google.com>	Wed Dec 03 09:57:00 2014 -0800
committer	Greg Hackmann <ghackmann@google.com>	Wed Dec 10 09:38:14 2014 -0800
tree	e6657689c1b9b450142a6054f7a04583aeeb082b
parent	f84c6a1fcd9b142b84af20ca2c6591de180ffe33 [diff] [blame]