ansible-hardening/RHEL-07-040860.rst at 455243c10b9168664ba4212ce56472b4bcfddfb7

Major Hayden 716232cef6 [Docs] Securing sysctl configurations

This patch provides documentation for:

  https://review.openstack.org/397877

Implements: blueprint security-rhel7-stig
Change-Id: I1719ccb5b9818f6477e515cba6b9d1d9b29e2ab4

2016-11-16 16:16:54 +00:00

525 B

Raw Blame History

---id: RHEL-07-040860 status: implemented tag: kernel ---

The tasks in this role set net.ipv6.conf.all.accept_source_route to 0 by default. This prevents the system from forwarding source-routed IPv6 packets.

Deployers can opt out of this change by setting the following Ansible variable:

security_disallow_source_routed_packet_forward_ipv6: no

Refer to "IPv6 source routing: history repeats itself" for more details on IPv6 source routed packets.

525 B Raw Blame History

525 B

Raw Blame History