Resolve cnspec warnings for ICMP redirects

Signed-off-by: Knut Ahlers <knut@ahlers.me>

PKGBUILD

@@ -7,7 +7,7 @@ pkgname=(
   luzifer-gui
   luzifer-lenovo-gui
 )
-pkgver=0.11.0
+pkgver=0.11.1
 pkgrel=1
 pkgdesc='System configuration for @luzifer systems'
 arch=(any)

base/usr/share/luzifer/base-setup/files/sysctl.conf

@@ -8,3 +8,13 @@ net.ipv4.conf.default.rp_filter = 1
 
 # CNSPEC: Ensure core dumps are restricted
 fs.suid_dumpable = 0
+
+# CNSPEC: Ensure ICMP redirects are not accepted
+net.ipv4.conf.all.accept_redirects = 0
+net.ipv4.conf.default.accept_redirects = 0
+net.ipv6.conf.all.accept_redirects = 0
+net.ipv6.conf.default.accept_redirects = 0
+
+# CNSPEC: Ensure secure ICMP redirects are not accepted
+net.ipv4.conf.all.secure_redirects = 0
+net.ipv4.conf.default.secure_redirects = 0