Disable Source Packet Forwarding – persistent ipv4 = 0

Details

This setting controls whether the IPv4 or IPv6 configuration will forward packets with IPv4 routing options or IPv6 routing headers.

Keep this parameter disabled to prevent denial of service attacks through spoofed packets.

Solution

To enforce this setting for IPv4 packets, use the command:
# ipadm set-prop -p _forward_src_routed=0 ipv4

To enforce this setting for IPv6 packets, use the command:
# ipadm set-prop -p _forward_src_routed=0 ipv6

Supportive Information

The following resource is also helpful.

https://workbench.cisecurity.org/files/612

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Unix.

References

800-53|SC-7(12)
CSCv6|9.2

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles