The Red Hat Enterprise Linux operating system must not forward IPv6 source-routed packets.

An XCCDF Rule

Details
Profiles

Description

Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when IPv6 forwarding is enabled and the system is functioning as a router.

ID: SV-204630r880827_rule
Version: RHEL-07-040830
Severity: Medium
References: CCI-000366
Updated: 15 days ago

Remediation Templates

Set the system to the required kernel parameter, if IPv6 is enabled, by adding the following line to "/etc/sysctl.conf" or a configuration file in the /etc/sysctl.d/ directory (or modify the line to have the required value):

     net.ipv6.conf.all.accept_source_route = 0

Issue the following command to make the changes take effect:

     # sysctl --system

The Red Hat Enterprise Linux operating system must not forward IPv6 source-routed packets.

Description

Remediation Templates

A Manual Procedure