The system must set strict multihoming.
An XCCDF Rule
Description
These settings control whether a packet arriving on a non-forwarding interface can be accepted for an IP address that is not explicitly configured on that interface. This rule is NA for documented systems that have interfaces that cross strict networking domains (for example, a firewall, a router, or a VPN node).
- ID
- SV-216375r959010_rule
- Version
- SOL-11.1-050080
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
The Network Management profile is required.
Disable strict multihoming for IPv4 and IPv6.
# pfexec ipadm set-prop -p _strict_dst_multihoming=1 ipv4
# pfexec ipadm set-prop -p _strict_dst_multihoming=1 ipv6