diff --git a/defaults/main.yml b/defaults/main.yml
index dda0337a..887ef21b 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -205,6 +205,7 @@ security_disable_module_rds: yes # V-38516
 security_disable_module_sctp: yes # V-38515
 security_disable_module_tipc: yes # V-38517
 security_disable_module_usb_storage: no # V-38490
+security_disable_icmpv4_redirects: no # V-38524
 #
 # ** DANGER **
 # It's strongly recommended to fully understand the effects of changing the
diff --git a/doc/source/developer-notes/V-38524.rst b/doc/source/developer-notes/V-38524.rst
deleted file mode 120000
index 6c7ce880..00000000
--- a/doc/source/developer-notes/V-38524.rst
+++ /dev/null
@@ -1 +0,0 @@
-V-38523.rst
\ No newline at end of file
diff --git a/doc/source/developer-notes/V-38524.rst b/doc/source/developer-notes/V-38524.rst
new file mode 100644
index 00000000..9b35cacc
--- /dev/null
+++ b/doc/source/developer-notes/V-38524.rst
@@ -0,0 +1,9 @@
+This patch disables ICMPv4 redirects feature on the host.
+Accepting ICMP redirects has few legitimate uses.
+It should be disabled unless it is absolutely required.
+
+It is configurable by ``security_disable_icmpv4_redirects`` variable.
+This feature is disabled by default as it can disrupt ``LXC`` deployments.
+
+Deployers can skip or enable this task by setting
+``security_disable_icmpv4_redirects`` to ``no`` or ``yes``, respectively.
diff --git a/tasks/kernel.yml b/tasks/kernel.yml
index d58fde06..2d901c00 100644
--- a/tasks/kernel.yml
+++ b/tasks/kernel.yml
@@ -173,3 +173,15 @@
     - kernel
     - cat2
     - V-38682
+
+- name: V-38524 - The system must not accept ICMPv4 redirect packets on any interface
+  sysctl:
+    name: net.ipv4.conf.all.accept_redirects
+    value: 0
+    state: present
+    sysctl_set: yes
+  when: security_disable_icmpv4_redirects | bool
+  tags:
+    - kernel
+    - cat2
+    - V-38524
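Review bot: The new default `security_disable_icmpv4_redirects: no` means the V-38524 hardening is skipped out of the box, but the defaults file gives no hint why, while the neighbouring `security_disable_module_*` entries at least carry their STIG id; the reason (possible disruption of LXC deployments) lives only in the new developer note, which a deployer reading `defaults/main.yml` will not see. Suggest carrying the rationale inline so the opt-out is a conscious choice: `security_disable_icmpv4_redirects: no # V-38524 (off by default: may disrupt LXC deployments)`. The LXC interaction is stated in the rst but not explained there either, so a one-line pointer to the concrete symptom would help both files.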
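Review bot: The new task sets only `net.ipv4.conf.all.accept_redirects`, which on a non-forwarding host is not sufficient to reject redirects: per the kernel's ip-sysctl documentation, when forwarding is disabled an interface accepts redirects if either `conf/all/accept_redirects` or `conf/<iface>/accept_redirects` is 1, and the per-interface value defaults to 1 on hosts, so the STIG's "on any interface" requirement can still fail after this task runs (worth confirming on a test node with `sysctl net.ipv4.conf`). Interfaces created after the play also inherit `net.ipv4.conf.default.accept_redirects`, which the task leaves untouched; that is a separate STIG item, but the limitation should at least be documented on the task, e.g. a comment above it such as `# Only the "all" key is set here; per-interface and "default" values still govern hosts with forwarding disabled and interfaces added later.` If the role wants the task to actually enforce the control, loop the sysctl module over `all` and `default` (and optionally the per-interface keys) in the same `when`-guarded task rather than adding a single key.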