4.2.5 ipforwarding

Information

The ipforwarding parameter determines whether or not the system forwards TCP/IP packets.

Rationale:

Set the ipforwarding parameter to 0 to ensure that redirected packets do not reach remote networks. Forwarding should only be enabled if the system is performing the function of an IP router, a role that is typically handled by a dedicated network device.

Solution

Add the ipforwarding entry to /etc/tunables/nextboot by running:

no -p -o ipforwarding=0

This makes the change permanent by adding the entry to /etc/tunables/nextboot.
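
An audit check for this setting, added here as an example and not part of the benchmark: it confirms that ipforwarding is 0 both in the running system and in /etc/tunables/nextboot, so a mismatch between the two is caught. The function names, the assumed stanza layout of the nextboot file, and the sample data are assumptions.

```shell
# Added example: audit the running and next-boot ipforwarding values.

# Read `no -o ipforwarding` output ("ipforwarding = 0") on stdin; print the value.
runtime_value() {
    sed -n 's/^[[:space:]]*ipforwarding[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*$/\1/p' | head -n 1
}

# Print the ipforwarding value from the "no:" stanza of a tunables file ($1).
# Assumed layout: a "no:" header followed by lines such as: ipforwarding = "0"
nextboot_value() {
    [ -r "$1" ] || return 0
    awk '
        /^[A-Za-z0-9_]+:[ \t]*$/ { in_no = ($1 == "no:"); next }
        in_no && $1 == "ipforwarding" { gsub(/"/, "", $3); print $3; exit }
    ' "$1"
}

# $1 = text printed by `no -o ipforwarding`, $2 = path to the nextboot file.
# Returns 0 only when both the running and the next-boot value are 0.
check_ipforwarding() {
    run=$(printf '%s\n' "$1" | runtime_value)
    boot=$(nextboot_value "$2")
    # Assumption: with no entry in the file, the default (0) applies at boot.
    [ -n "$boot" ] || boot=0
    status=0
    if [ "$run" != "0" ]; then
        echo "FAIL: running ipforwarding is '${run:-unknown}', expected 0"
        status=1
    fi
    if [ "$boot" != "0" ]; then
        echo "FAIL: next-boot ipforwarding is '$boot', expected 0"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "PASS: ipforwarding is 0 now and at next boot"
    return "$status"
}

if [ "$(uname -s)" = "AIX" ]; then
    check_ipforwarding "$(no -o ipforwarding)" /etc/tunables/nextboot
else
    # Constructed sample: running value is 0, but the next-boot value is 1.
    sample=$(mktemp)
    printf 'no:\n\tipforwarding = "1"\n' > "$sample"
    check_ipforwarding 'ipforwarding = 0' "$sample" || echo "sample flagged as expected"
    rm -f "$sample"
fi
```
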

Default Value:

0

See Also

https://workbench.cisecurity.org/benchmarks/13069

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(12)

Plugin: Unix

Control ID: a2d8f029360e99f22b283753d07c52071d030be2e711c22b2b52862ddae3ec7d