716232cef6
This patch provides documentation for: https://review.openstack.org/397877 Implements: blueprint security-rhel7-stig Change-Id: I1719ccb5b9818f6477e515cba6b9d1d9b29e2ab4
710 B
710 B
---id: RHEL-07-040350 status: implemented tag: kernel ---
The tasks in this role set
net.ipv4.conf.all.accept_source_route and
net.ipv4.conf.default.accept_source_route to 0
by default. This prevents the system from forwarding source-routed IPv4
packets on all new and existing interfaces.
Deployers can opt out of this change by setting the following Ansible variable:
security_disallow_source_routed_packet_forward_ipv4: noFor more details on source routed packets, refer to the Red Hat documentation.