As a security best practice, verify that the host system denies IPv4 forwarding. If the system is configured for IP forwarding and is not a designated router, it can be used to bypass network security by providing a path for communication that is not filtered by network devices.

Procedure

  1. Run the # cat /proc/sys/net/ipv4/ip_forward command to verify whether the host denies IPv4 forwarding.
  2. Configure the host system to deny IPv4 forwarding.
    1. Open the /etc/sysctl.conf file to configure the host system.
    2. If the value is not set to 0, add the following entry to the file, or update the existing entry so that the value is 0.
      net.ipv4.ip_forward=0  
      
    3. Save the changes and close the file.
    4. Run # sysctl -p to apply the configuration.
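
The check from the procedure above as a script, added here as an example and not part of the original procedure: it reads the runtime value and the last net.ipv4.ip_forward entry in /etc/sysctl.conf, and reports a finding if either is not 0. The function names are hypothetical, and treating a missing entry in the file as a finding is an assumption of this example.

```shell
#!/bin/sh
# Added example: audit the IPv4 forwarding setting described in the procedure.
# Function names are hypothetical; file paths default to the ones on the page.

# Print the last net.ipv4.ip_forward value in a sysctl config file.
# Commented-out lines are skipped; prints nothing if no entry exists.
persisted_ip_forward() {
    conf=$1
    [ -r "$conf" ] || return 0
    sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' \
        "$conf" | tail -n 1
}

# Return 0 only if forwarding is denied both at runtime and in the config file.
# Assumption of this example: a missing config entry counts as a finding.
check_ip_forward() {
    runtime_file=${1:-/proc/sys/net/ipv4/ip_forward}
    conf=${2:-/etc/sysctl.conf}
    rc=0
    runtime=$(cat "$runtime_file" 2>/dev/null) || runtime=""
    persisted=$(persisted_ip_forward "$conf")
    if [ "$runtime" != "0" ]; then
        echo "FAIL runtime: ip_forward=${runtime:-unreadable}"
        rc=1
    fi
    if [ "$persisted" != "0" ]; then
        echo "FAIL persisted: net.ipv4.ip_forward=${persisted:-not set} in $conf"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "PASS: IPv4 forwarding denied at runtime and in $conf"
    fi
    return "$rc"
}

# Audit the live host only when asked to: sh script.sh --check
if [ "${1:-}" = "--check" ]; then
    check_ip_forward
fi
```

Run it with --check on the host; a non-zero exit status means at least one of the two settings needs the correction from step 2.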