Linux always sends ICMP redirects

ip linux networking

I have several Debian Squeeze (6.0.6 up to date) used as routers.
When a link is down, they send ICMP redirects to local hosts. This is the default behaviour of Debian and several others. So once the link comes back to life, the hosts can't reach it until reboot.

I don't want any ICMP redirect to be sent from those routers.

I tested echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects and sysctl -w net.ipv4.conf.all.send_redirects=0 and putting net.ipv4.conf.all.send_redirects=0 into /etc/sysctl.d/local.conf
Each of those solutions puts the right value into /proc/sys/net/ipv4/conf/all/send_redirects

But…
the kernel keeps sending ICMP redirects. Even after a reboot:

$ tcpdump -n -i eth0
00:56:17.186995 IP 192.168.0.254 > 192.168.0.100: ICMP redirect 10.10.13.102 to host 192.168.0.1, length 68

And the routing tables of local hosts (Windows computers) are polluted.

I can prevent this with netfilter:
iptables -t mangle -A POSTROUTING -p icmp --icmp-type redirect -j DROP

Any idea why the usual method doesn't work?
And how can I prevent ICMP redirects from being sent, without using netfilter?

Best Answer

The right command is: echo 0 | tee /proc/sys/net/ipv4/conf/*/send_redirects
Because you must have 0 on 'all' and on 'interface_name' to disable it.

In /etc/sysctl.conf or a similar file, you have to set 'all' + 'default' (or 'all' + 'interface', but the interface may not exist yet when this file is processed).
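
The check below is an added example, not part of the original answer: it reports which interfaces will still send redirects, given that the kernel enables send_redirects on an interface when either conf/all or conf/<interface> is non-zero. The function names and the optional directory argument are hypothetical helpers introduced for this illustration.

```shell
#!/bin/sh
# Added example: audit the effective send_redirects state per interface.
# The kernel ORs conf/all with conf/<iface> for this setting, so all=0
# alone changes nothing while eth0 still holds 1.

# effective_redirects [CONF_DIR]
# Prints one line per interface: "<iface> <all> <iface_value> <effective>".
# CONF_DIR defaults to the live kernel tree; the argument lets the check
# run against a copy of the tree (assumption made for this example).
effective_redirects() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    all=$(cat "$conf_dir/all/send_redirects") || return 2
    for dir in "$conf_dir"/*/; do
        iface=$(basename "$dir")
        # 'all' and 'default' are not interfaces: 'default' only seeds
        # interfaces created later, which is why sysctl.conf needs it.
        case $iface in all|default) continue ;; esac
        [ -r "$dir/send_redirects" ] || continue
        val=$(cat "$dir/send_redirects")
        if [ "$all" -ne 0 ] || [ "$val" -ne 0 ]; then eff=1; else eff=0; fi
        printf '%s %s %s %s\n' "$iface" "$all" "$val" "$eff"
    done
}

# redirects_enabled_on [CONF_DIR]
# Prints the interfaces that will still send redirects.
# Returns 0 when there are none, 1 otherwise.
redirects_enabled_on() {
    out=$(effective_redirects "$1" | awk '$4 == 1 { print $1 }')
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}
```

Calling redirects_enabled_on with no argument on the router reads the live /proc tree; any interface it prints still needs its own send_redirects set to 0.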
