X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/blobdiff_plain/fb7845a892c48e5004dea115bdd6b8a17fea7935..cbbd5e39a0460d98f3d0806e7d7e538e4c9c590d:/bookends.m4
diff --git a/bookends.m4 b/bookends.m4
index f451c8d..807e8d9 100644
--- a/bookends.m4
+++ b/bookends.m4
@@ -108,11 +108,18 @@ m4_divert(32)m4_dnl
 ## Set forwarding options. Apparently setting ip_forward clobbers other
 ## settings, so put this first.
 case $host_type_<::>FWHOST in
- router) forward=1 ;;
- *) forward=0 ;;
+ router) forward=1 host=0 ;;
+ server) forward=0 host=0 ;;
+ client) forward=0 host=1 ;;
 esac
 setopt ip_forward $forward
 setdevopt forwarding $forward
+for i in \
+ accept_ra accept_ra_defrtr accept_ra_pinfo accept_ra_info_max_plen \
+ accept_redirects
+do
+ setdevopt $i $host
+done
 case $forward in
 0) inchains="INPUT" ;;
 1) inchains="INPUT FORWARD" ;;
@@ -147,7 +154,7 @@ setdevopt log_martians 0
 ## Turn off things which can mess with our routing decisions.
 setdevopt accept_source_route 0
-setdevopt accept_redirects 0
+setdevopt secure_redirects 1
 ## If we're maent to stop the firewall, then now is the time to do it.
 $exit_after_clearing
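Review bot: The rewritten `case $host_type_<::>FWHOST` in the first hunk no longer has a default arm, so any host type other than router, server or client leaves `forward` and `host` unassigned unless they are set earlier, outside the hunk. In that case `setopt ip_forward $forward` and the `setdevopt $i $host` loop run with empty values, and `case $forward in` matches neither of its visible arms (that block continues past the hunk). A fail-closed fallback such as `*) forward=0 host=0 ;;`, or an explicit abort like `*) echo >&2 "unknown host type"; exit 1 ;;`, would keep a typo in the host classification from yielding an undefined forwarding and router-advertisement policy.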
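Review bot: In the second hunk (`@@ -147,7 +154,7 @@`) the comment `## Turn off things which can mess with our routing decisions.` no longer describes the line beneath it. Redirects are now accepted on client hosts through the loop added in the first hunk, and `secure_redirects 1` restricts them rather than turning them off. A comment such as `## Redirects are accepted on clients only; limit them to the default gateway list.` would record that intent. `secure_redirects` is also an IPv4-only sysctl, so on clients IPv6 redirects depend solely on the kernel's own validation; it is worth confirming that `setdevopt`, defined outside this hunk, tolerates the missing IPv6 entry.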