From 8e4f05075b2ff9a410a566d8d5e0048c5e8047a0 Mon Sep 17 00:00:00 2001
From: Chiradeep Vittal <chiradeep@cloud.com>
Date: Thu, 18 Nov 2010 18:37:06 -0800
Subject: [PATCH] IPSec NETKEY requires no redirects

---
 patches/systemvm/debian/config/etc/sysctl.conf | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/patches/systemvm/debian/config/etc/sysctl.conf b/patches/systemvm/debian/config/etc/sysctl.conf
index d5fe5d43e8e..71acc2b6f04 100644
--- a/patches/systemvm/debian/config/etc/sysctl.conf
+++ b/patches/systemvm/debian/config/etc/sysctl.conf
@@ -1,4 +1,4 @@
-# Kernel sysctl configuration file for Red Hat Linux
+# Kernel sysctl configuration file 
 #
 # For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
 # sysctl.conf(5) for more details.
@@ -19,6 +19,12 @@ net.ipv4.conf.default.arp_ignore = 2
 net.ipv4.conf.all.arp_announce = 2
 net.ipv4.conf.all.arp_ignore = 2
 
+# IPSec NETKEY -- avoid bogus redirects
+net.ipv4.conf.all.accept_redirects = 0
+net.ipv4.conf.default.accept_redirects = 0
+net.ipv4.conf.all.send_redirects = 0
+net.ipv4.conf.default.send_redirects = 0
+
 
 # Controls the System Request debugging functionality of the kernel
 kernel.sysrq = 0