4.2.3 directed_broadcast

Information

The directed_broadcast parameter determines whether the system allows a directed broadcast (a packet addressed to the broadcast address of a remote network rather than the local one) to be sent to a network gateway for forwarding.

Rationale:

The directed_broadcast parameter should be set to 0 so that directed broadcasts are not sent to network gateways. This prevents a packet forwarded through the gateway from reaching the broadcast address of a remote network, which is the mechanism behind broadcast amplification (smurf) attacks.

Solution

Run the following command as root:

no -p -o directed_broadcast=0

The -o option sets the value on the running system immediately, and -p also records the entry in /etc/tunables/nextboot so that the change survives a reboot. Verify the running value with:

no -o directed_broadcast

which should print directed_broadcast = 0.
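The following audit helper is an added example, not part of the benchmark text or of any Tenable plugin. It checks both halves of the control: the running value as reported by no -a, and the persisted value in the no: stanza of /etc/tunables/nextboot. It reads both from files so it can be exercised offline with constructed samples; the sample contents, the temporary paths and the exact whitespace of the output formats are assumptions. On a real AIX host you would feed it the output of no -a and the real nextboot file.

```sh
#!/bin/sh
# Added example (not from the benchmark): audit the AIX 'no' tunable
# directed_broadcast, both running and persisted.

# Extract one tunable's running value from saved `no -a` output.
# Assumed line format: "   name = value".
no_running_value() {   # $1 = file with `no -a` output, $2 = tunable name
    awk -v t="$2" '$1 == t && $2 == "=" { print $3; found = 1 }
                   END { if (!found) exit 1 }' "$1"
}

# Extract the same tunable from the "no:" stanza of a nextboot file.
# Assumed stanza format: a "no:" header followed by lines 'name = "value"'.
nextboot_value() {     # $1 = nextboot file, $2 = tunable name
    awk -v t="$2" '
        /^[a-z]+:/ { in_no = ($1 == "no:") }
        in_no && $1 == t && $2 == "=" { gsub(/"/, "", $3); print $3; found = 1 }
        END { if (!found) exit 1 }' "$1"
}

# Compliant (return 0) only if the running value is 0 AND the value is
# persisted as 0 in nextboot; otherwise print the reason and return 1.
check_directed_broadcast() {   # $1 = `no -a` output file, $2 = nextboot file
    run=$(no_running_value "$1" directed_broadcast) \
        || { echo "FAIL: directed_broadcast not present in no -a output"; return 1; }
    [ "$run" = "0" ] || { echo "FAIL: running value is $run (expected 0)"; return 1; }
    boot=$(nextboot_value "$2" directed_broadcast) \
        || { echo "FAIL: running value is 0 but not persisted in nextboot"; return 1; }
    [ "$boot" = "0" ] || { echo "FAIL: nextboot value is $boot (expected 0)"; return 1; }
    echo "PASS: directed_broadcast=0 running and persisted in nextboot"
    return 0
}

# --- Constructed sample inputs (not captured from a real host) ---
tmp=${TMPDIR:-/tmp}/directed_broadcast_check.$$
mkdir -p "$tmp"
cat > "$tmp/no_a_ok.txt" <<'EOF'
                 arptab_bsiz = 7
          directed_broadcast = 0
                ipforwarding = 0
EOF
cat > "$tmp/no_a_bad.txt" <<'EOF'
          directed_broadcast = 1
                ipforwarding = 0
EOF
cat > "$tmp/nextboot_ok" <<'EOF'
vmo:
        minperm% = "3"

no:
        directed_broadcast = "0"
        ipforwarding = "0"
EOF
cat > "$tmp/nextboot_missing" <<'EOF'
no:
        ipforwarding = "0"
EOF

# Demonstration runs: compliant, wrong running value, and not persisted.
check_directed_broadcast "$tmp/no_a_ok.txt"  "$tmp/nextboot_ok"      || :
check_directed_broadcast "$tmp/no_a_bad.txt" "$tmp/nextboot_ok"      || :
check_directed_broadcast "$tmp/no_a_ok.txt"  "$tmp/nextboot_missing" || :
```

The two-file check matters because no -o directed_broadcast=0 without -p changes the running kernel only; a host that passes a live check can still revert to the default of 1 on the next reboot, which is why the audit reads the nextboot stanza as well.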

Default Value:

1

See Also

https://workbench.cisecurity.org/benchmarks/13069

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(9)

Plugin: Unix

Control ID: d3006e87d85ed966c677e78c0bbfc2c6fbe61d17b00d93103e39021c7579efa0