dccce1d5cc
This patch gets the docs adjusted to work with the new RHEL 7 STIG version 1 release. The new STIG release has changed all of the numbering, but it maintains a link to (most) of the old STIG IDs in the XML. Closes-bug: 1676865 Change-Id: I65023fe63163c9804a3aec9dcdbf23c69bedb604
20 lines
703 B
ReStructuredText
20 lines
703 B
ReStructuredText
---
|
|
id: V-72283
|
|
status: implemented
|
|
tag: kernel
|
|
---
|
|
|
|
The tasks in this role set ``net.ipv4.conf.all.accept_source_route`` and
|
|
``net.ipv4.conf.default.accept_source_route`` to ``0`` by default. This
|
|
prevents the system from forwarding source-routed IPv4 packets on all
|
|
new and existing interfaces.
|
|
|
|
Deployers can opt out of this change by setting the following Ansible variable:
|
|
|
|
.. code-block:: yaml
|
|
|
|
security_disallow_source_routed_packet_forward_ipv4: no
|
|
|
|
For more details on source routed packets, refer to the
|
|
`Red Hat documentation <https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Server_Security-Disable-Source-Routing.html>`_.
|