ICMP Redirect Disabling

I am trying to set the following to 0 and running SLES 11 SP3

  • net.ipv4.conf.all.secure_redirects
  • net.ipv4.conf.default.secure_redirects

I’ve added the following to /etc/sysctl.conf and have rebooted the system:

Disable response to broadcasts.

You don’t want yourself becoming a Smurf amplifier.

net.ipv4.icmp_echo_ignore_broadcasts = 1

enable route verification on all interfaces

net.ipv4.conf.all.rp_filter = 1

enable ipV6 forwarding

#net.ipv6.conf.all.forwarding = 1

increase the number of possible inotify(7) watches

fs.inotify.max_user_watches = 65536

avoid deleting secondary IPs on deleting the primary IP

net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1

disable ICMP redirects

net.ipv4.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.tcp_timestamps = 0

But when I run /sbin/sysctl -a, I still see the following:

net.ipv4.conf.default.secure_redirects = 1
net.ipv4.conf.all.secure_redirects = 1

I then run /sbin/sysctl -p, and get the following output:

net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.rp_filter = 1
fs.inotify.max_user_watches = 65536
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
/proc/sys/net/ipv4/send_redirects: No such file or directory
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.tcp_timestamps = 0

I then run /sbin/sysctl -a and see the following:

net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.all.secure_redirects = 0

However, after I reboot and run /sbin/sysctl -a, I still see the following:

net.ipv4.conf.default.secure_redirects = 1
net.ipv4.conf.all.secure_redirects = 1

How can I get those two attributes to permanently be set to 0?

Although you probably thought that “OTHER VERSION” might also include SLES, this isn’t so. The following link is the proper place for you to get the correct answers to your question.

https://forums.suse.com/forum.php