
Configure Response Mode of ARP Requests for All IPv4 Interfaces

An XCCDF Rule

Description

To set the runtime status of the net.ipv4.conf.all.arp_ignore kernel parameter, run the following command:

$ sudo sysctl -w net.ipv4.conf.all.arp_ignore=

To make sure that the setting is persistent, add the following line to a file in the directory /etc/sysctl.d:

net.ipv4.conf.all.arp_ignore = 
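Added here as a worked example, not part of the SSG rule content: a POSIX shell script that resolves which persisted value net.ipv4.conf.all.arp_ignore will take after `sysctl --system`, applying the sysctl.d(5) precedence rules (a same-named file in /etc hides copies in /run and /usr, files are read in lexical order, the last assignment wins) to a constructed drop-in tree under a temporary directory. The function names `persisted_value`, `persisted_matches` and `demo_tree` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the SSG rule): resolve the value that
# net.ipv4.conf.all.arp_ignore will have after `sysctl --system`, applying the
# sysctl.d(5) precedence rules to a drop-in tree (a constructed root stands in for /).

# Print the persisted value of key $1 below root $2; print nothing if it is unset.
persisted_value() {
    key="$1"; root="$2"
    # sysctl accepts '.' or '/' as the key separator, so match either.
    pat=$(printf '%s' "$key" | sed 's|\.|[./]|g')
    # Ascending priority: a same-named file in a later directory hides the earlier copy.
    for d in usr/lib/sysctl.d usr/local/lib/sysctl.d run/sysctl.d etc/sysctl.d; do
        for f in "$root/$d"/*.conf; do [ -f "$f" ] && basename "$f"; done
    done | LC_ALL=C sort -u | while read -r name; do
        # Keep the highest-priority copy of each basename, visited in lexical order.
        for d in etc/sysctl.d run/sysctl.d usr/local/lib/sysctl.d usr/lib/sysctl.d; do
            [ -f "$root/$d/$name" ] && { printf '%s\n' "$root/$d/$name"; break; }
        done
    done | while read -r f; do
        # Active assignments only ('#' and ';' comment lines never match); an optional
        # leading '-' means "ignore errors" and is not part of the key.
        sed -n "s|^[[:space:]]*-\{0,1\}$pat[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*|\1|p" "$f"
    done | tail -n 1    # the last assignment read wins
}

# Return 0 when the persisted value of key $1 below root $2 equals $3.
persisted_matches() {
    [ "$(persisted_value "$1" "$2")" = "$3" ]
}

# Constructed drop-in tree exercising each precedence rule; prints its root.
demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/usr/lib/sysctl.d" "$root/run/sysctl.d" "$root/etc/sysctl.d"
    echo 'net.ipv4.conf.all.arp_ignore = 0' > "$root/usr/lib/sysctl.d/50-default.conf"
    echo 'net/ipv4/conf/all/arp_ignore = 1' > "$root/etc/sysctl.d/50-default.conf"   # hides the /usr/lib copy
    echo 'net.ipv4.conf.all.arp_ignore = 2' > "$root/etc/sysctl.d/10-early.conf"     # read before 50-*, overridden
    echo '# net.ipv4.conf.all.arp_ignore = 0' > "$root/run/sysctl.d/90-late.conf"    # commented out, ignored
    printf '%s\n' "$root"
}

root=$(demo_tree)
echo "persisted net.ipv4.conf.all.arp_ignore = $(persisted_value net.ipv4.conf.all.arp_ignore "$root")"
rm -rf "$root"
```

To audit a real host, call `persisted_value net.ipv4.conf.all.arp_ignore /` and compare the result with the value required by your profile (the page above leaves that value blank) and with the running value in /proc/sys/net/ipv4/conf/all/arp_ignore.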

Functionality Warning

The ARP response mode may impact behaviour of workloads and firewalls on the system.

Rationale

Avoids ARP flux on systems that have more than one interface on the same subnet.

ID
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_arp_ignore
Severity
Medium
References
Updated



Remediation - Ansible

- name: List /etc/sysctl.d/*.conf files
  find:
    paths:
    - /etc/sysctl.d/
    - /run/sysctl.d/
    - /usr/local/lib/sysctl.d/

Remediation - Shell Script

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

# Comment out any occurrences of net.ipv4.conf.all.arp_ignore from /etc/sysctl.d/*.conf files

for f in /etc/sysctl.d/*.conf /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf; do
    # Skip unmatched globs, then prefix every active assignment of the key with '#'
    [ -f "$f" ] || continue
    sed -i 's/^[[:space:]]*\(net\.ipv4\.conf\.all\.arp_ignore\)/# \1/' "$f"
done

fi