Drop ICMP redirects to avoid network issues in some cases

ICMP Redirect is a mechanism for routers to convey routing information to hosts. The message tells a host to update its routing information (to send packets via an alternative route).

Sometimes, however, a host receives arbitrary redirect packets, even from gateways, that redirect traffic to somewhere that is actually NOT on the same subnet, and this brings down the network. This did happen on one of my VPSes and it was annoying.

Here iptables is used to solve the problem: put the following line into /etc/rc.local or (Debian/Ubuntu) a pre-up statement in /etc/network/interfaces, either directly or via the iptables-restore command.

Alternatively, /etc/sysctl.conf can be utilized as well. Uncomment or add

Also, do not forget to run sysctl -p so that the change takes effect immediately.
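To check that the sysctl route actually took effect, the following added audit script (not the author's code) lists the interfaces that still accept IPv4 ICMP redirects, applying the kernel's rule for combining the "all" and per-interface accept_redirects values. It assumes the Linux /proc/sys/net/ipv4/conf layout; the function names and the CONF_ROOT override are assumptions of this example.

```shell
#!/bin/sh
# Added example: report interfaces that still accept IPv4 ICMP redirects.
# Kernel rule (Documentation/networking/ip-sysctl) for one interface:
#   forwarding enabled  -> accepted only if conf/all AND conf/<if> are 1
#   forwarding disabled -> accepted if conf/all OR conf/<if> is 1
# So setting only "all" to 0 does not protect a non-forwarding host.

CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"   # overridable for testing

# read_flag FILE -> prints the file's value, or 0 if it cannot be read
read_flag() {
    if [ -r "$1" ]; then cat "$1"; else echo 0; fi
}

# effective_redirects ROOT IFACE -> prints 1 if IFACE accepts redirects, else 0
effective_redirects() {
    all=$(read_flag "$1/all/accept_redirects")
    own=$(read_flag "$1/$2/accept_redirects")
    fwd=$(read_flag "$1/$2/forwarding")
    if [ "$fwd" = 1 ]; then
        if [ "$all" = 1 ] && [ "$own" = 1 ]; then echo 1; else echo 0; fi
    else
        if [ "$all" = 1 ] || [ "$own" = 1 ]; then echo 1; else echo 0; fi
    fi
}

# audit_redirects ROOT -> prints one line per interface that still accepts
audit_redirects() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        ifc=$(basename "$d")
        case $ifc in all|default) continue ;; esac
        if [ "$(effective_redirects "$1" "$ifc")" = 1 ]; then
            echo "$ifc"
        fi
    done
}

# Audit the running system when the sysctl tree is present.
if [ -d "$CONF_ROOT" ]; then
    audit_redirects "$CONF_ROOT"
fi
```

Empty output means no interface accepts redirects; any name printed needs its own accept_redirects value set to 0 as well.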


Nov 3, 2018 @ 11:44

