3.4 Disable Source Packet Forwarding - persistent ipv4 = 0

Information

This setting controls whether the IPv4 or IPv6 configuration will forward packets with IPv4 routing options or IPv6 routing headers.

Keep this parameter disabled to prevent denial of service attacks through spoofed packets.

Solution

To enforce this setting for IPv4 packets, use the command:
# ipadm set-prop -p _forward_src_routed=0 ipv4

To enforce this setting for IPv6 packets, use the command:
# ipadm set-prop -p _forward_src_routed=0 ipv6

See Also

https://workbench.cisecurity.org/files/611

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(12), CSCv6|9.2

Plugin: Unix

Control ID: 9d0965d0bfba5943bc0d270c64fe70a394092b124de1bc274cf31e15618aa431