STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:SV-230540r627750_rule
V-230540
SRG-OS-000480-GPOS-00227
RHEL-08-040260
CAT II
10
Configure RHEL 8 to not allow packet forwarding, unless the system is a router with the following commands:
$ sudo sysctl -w net.ipv4.ip_forward=0
$ sudo sysctl -w net.ipv6.conf.all.forwarding=0
If "0" is not the system's default value then add or update the following lines in the appropriate file under "/etc/sysctl.d":
net.ipv4.ip_forward=0
net.ipv6.conf.all.forwarding=0
Verify RHEL 8 is not performing packet forwarding, unless the system is a router.
Note: If either IPv4 or IPv6 is disabled on the system, this requirement only applies to the active internet protocol version.
Check to see if IP forwarding is enabled using the following commands:
$ sudo sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
$ sudo sysctl net.ipv6.conf.all.forwarding
net.ipv6.conf.all.forwarding = 0
If IP forwarding value is not "0" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.
V-230540
False
RHEL-08-040260
Verify RHEL 8 is not performing packet forwarding, unless the system is a router.
Note: If either IPv4 or IPv6 is disabled on the system, this requirement only applies to the active internet protocol version.
Check to see if IP forwarding is enabled using the following commands:
$ sudo sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
$ sudo sysctl net.ipv6.conf.all.forwarding
net.ipv6.conf.all.forwarding = 0
If IP forwarding value is not "0" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.
M
2921