Hi, I have a pair of firewalls running Obsd 4.9 and carp (in active-passive mode).
I see a lot of icmp redirect packets in the network using tcpdump. I tried to block them with PF (both incoming and outgoing).

block drop out log quick on $int_if inet proto icmp icmp-type redir
block drop in log on $int_if inet proto icmp
pass in on $int_if inet proto icmp icmp-type echoreq

I tried

net.inet.ip.redirect=0
net.inet.icmp.rediraccept=0

But still some icmp redirect packets go out through the interface where PF should be blocking. The source MAC of the icmp redirect packets is that of the $int_if interface.

So, in short, is there a simple way to block all incoming and outgoing icmp redirect packets in an obsd firewall?

Thanks in advance.

Regards,
Jose

