openstack-ansible-security/doc/metadata/rhel6/V-38524.rst

---
id: V-38524
status: implemented
tag: misc
---

This patch disables ICMPv4 redirects feature on the host.
Accepting ICMP redirects has few legitimate uses.
It should be disabled unless it is absolutely required.

It is configurable by ``security_disable_icmpv4_redirects`` variable.
This feature is disabled by default as it can disrupt ``LXC`` deployments.

Deployers can skip or enable this task by setting
``security_disable_icmpv4_redirects`` to ``no``  or ``yes``,  respectively.