In this post, we will see how to disable ICMP redirect processing, which may help maintain network connectivity in situations where a confused switch or network server shunts traffic away from the selected path.
Disable ICMP Redirect From The Command Line
ICMP Redirect processing can be turned off until the next reboot via the command line, as shown below.
For all network interfaces:
# /sbin/sysctl -w net.ipv4.conf.all.accept_redirects = 0 # /sbin/sysctl -w net.ipv4.conf.all.send_redirects = 0 # /sbin/sysctl -w net.ipv6.conf.all.accept_redirects = 0 # /sbin/sysctl -w net.ipv6.conf.all.send_redirects = 0
For a selected network interface, such as eth0:
# /sbin/sysctl -w net.ipv4.conf.eth0.accept_redirects = 0 # /sbin/sysctl -w net.ipv4.conf.eth0.send_redirects = 0 # /sbin/sysctl -w net.ipv6.conf.eth0.accept_redirects = 0 # /sbin/sysctl -w net.ipv6.conf.eth0.send_redirects = 0
Disable ICMP Redirect Persistently
Create the file /etc/sysctl.d/50-icmp_redirect.conf with the lines:
# Uncomment the lines below as needed. # Disable ICMP Redirect Globally # net.ipv4.conf.all.accept_redirects = 0 # net.ipv4.conf.all.send_redirects = 0 # net.ipv6.conf.all.accept_redirects = 0 # net.ipv6.conf.all.send_redirects = 0 # Disable ICMP Redirect For A Selected NIC # net.ipv4.conf.eth0.accept_redirects = 0 # net.ipv4.conf.eth0.send_redirects = 0 # net.ipv6.conf.eth0.accept_redirects = 0 # net.ipv6.conf.eth0.send_redirects = 0
Uncomment the lines appropriate for your deployment. The change will persist across reboots.
Apply the settings in current environment:
# sysctl --system ## for CentOS/RHEL 7 and above # sysctl -p ## for CentOS/RHEL 6