From 95286df50274953326accb615487e21d409b652a Mon Sep 17 00:00:00 2001
From: Raja Grewal <rg_public@proton.me>
Date: Thu, 18 Jul 2024 15:28:31 +1000
Subject: [PATCH] Update README.md regarding secure ICMP redirects

---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 5cd9fad..29654c4 100644
--- a/README.md
+++ b/README.md
@@ -72,7 +72,8 @@ Various networking components of the TCP/IP stack are hardened for IPv4/6.
   from all interfaces to prevent IP spoofing.
 
 - Disable ICMP redirect acceptance and redirect sending messages to
-  prevent man-in-the-middle attacks and minimize information disclosure.
+  prevent man-in-the-middle attacks and minimize information disclosure. If
+  ICMP redirect messages are permitted, only do so from approved gateways.
 
 - Ignore ICMP echo requests to prevent clock fingerprinting and Smurf attacks.