4.5.6 Ensure ipforwarding is disabled

Information

The ipforwarding parameter determines whether or not the system forwards TCP/IP packets.

The ipforwarding parameter will be set to 0 to ensure that redirected packets do not reach remote networks. This should only be enabled if the system is performing the function of an IP router. This is typically handled by a dedicated network device.

Solution

Run the following command to set ipforwarding to 0 and add the entry to /etc/tunables/nextboot:

no -p -o ipforwarding=0

The -p flag makes the change permanent by adding the entry to /etc/tunables/nextboot, in addition to updating the current value.
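To verify the setting after remediation, the following added example (not part of the benchmark) checks both the running value and the next-boot value, since the two can drift apart. The function names are hypothetical, and the script assumes that `no -o ipforwarding` prints `ipforwarding = <value>` and that /etc/tunables/nextboot uses a `no:` stanza with entries such as `ipforwarding = "0"`.

```shell
#!/bin/sh
# Added example: audit helper for the AIX ipforwarding tunable.
# Assumed formats: `no -o ipforwarding` prints "ipforwarding = <value>";
# the nextboot file holds a "no:" stanza with lines like: ipforwarding = "0"

# $1 = text printed by `no -o ipforwarding`; succeeds only if the value is 0.
check_running() {
    val=$(printf '%s\n' "$1" | awk -F= '
        $1 ~ /^[ \t]*ipforwarding[ \t]*$/ { gsub(/[ \t"]/, "", $2); print $2; exit }')
    [ "$val" = "0" ]
}

# $1 = path to a nextboot-style stanza file; succeeds only if the "no:"
# stanza explicitly sets ipforwarding to 0 (a missing entry counts as a failure).
check_nextboot() {
    [ -r "$1" ] || return 2
    val=$(awk '
        /^[^ \t#].*:[ \t]*$/ { in_no = ($0 ~ /^no:[ \t]*$/); next }
        in_no && /^[ \t]+ipforwarding[ \t]*=/ {
            sub(/^[^=]*=/, ""); gsub(/[ \t"]/, ""); print; exit
        }' "$1")
    [ "$val" = "0" ]
}

# $1 = `no -o ipforwarding` output, $2 = nextboot path; returns 0 only if both pass.
audit_ipforwarding() {
    rc=0
    check_running "$1" || { echo "FAIL: running ipforwarding is not 0"; rc=1; }
    check_nextboot "$2" || { echo "FAIL: ipforwarding=0 not set in $2"; rc=1; }
    [ "$rc" -eq 0 ] && echo "PASS: ipforwarding disabled now and at next boot"
    return "$rc"
}

# On an AIX host:
#   audit_ipforwarding "$(no -o ipforwarding)" /etc/tunables/nextboot

# Demo on constructed sample data (not from a real host): the file is
# compliant but the running value is still 1, so the audit reports a failure.
sample=$(mktemp)
printf 'no:\n\tipforwarding = "0"\n' > "$sample"
audit_ipforwarding "ipforwarding = 1" "$sample" || true
rm -f "$sample"
```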

See Also

https://workbench.cisecurity.org/benchmarks/10385

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Unix

Control ID: 8c0200a7609c2a2e58b5284e5e7fef3918aac3f7de3f5244dfb10f5b4746c3eb