init.rc: disable ICMP redirects

Bug: 18604139 Change-Id: I4bf22d0029f8b03b0ef4329b7b8632d8e116c8e1 Signed-off-by: Greg Hackmann <ghackmann@google.com>
2014-12-03 09:57:00 -08:00 · 2014-12-03 09:57:00 -08:00 · f3fd1226e0
parent f84c6a1fcd
commit f3fd1226e0
1 changed files with 4 additions and 0 deletions
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@ -114,6 +114,10 @@ on init
    # set fwmark on accepted sockets
    write /proc/sys/net/ipv4/tcp_fwmark_accept 1

+    # disable icmp redirects
+    write /proc/sys/net/ipv4/conf/all/accept_redirects 0
+    write /proc/sys/net/ipv6/conf/all/accept_redirects 0
+
    # Create cgroup mount points for process groups
    mkdir /dev/cpuctl
    mount cgroup none /dev/cpuctl cpu