as for the interface stuff...

> > Per Interface Config
> > no ip redirects
> no ip unreachables

personally, I don't like those two. what's wrong about a router _sending_ icmp redirects or (even more important/useful) icmp unreachables? keep in mind those commands are not about accepting those (but, as said: sending them).

[Leonardo Gama Souza]
> Personally I think it's much better to rate-limit 'ip unreachables' than block them. Probably Cisco doesn't change these silly defaults because they won't have selling points for tools such as SDM. :)

_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
