Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than what is configured on the router, which can be used to bypass network security measures.
This requirement applies only to the forwarding of source-routed traffic, such as when IPv4 forwarding is enabled and the system is functioning as a router.
Procedure
- Run the # grep [01] /proc/sys/net/ipv4/conf/*/accept_source_route|egrep "default|all" command to verify whether the system does not use IPv4 source routed packets
- Configure the host system to deny forwarding of IPv4 source routed packets.
- Open the /etc/sysctl.conf file with a text editor.
- If the values are not set to
0
, ensure thatnet.ipv4.conf.all.accept_source_route=0
and thenet.ipv4.conf.default.accept_source_route=0
are set to0
. - Save and close the file.
- Run
# sysctl -p
to apply the configuration.