Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than what is configured on the router, which can be used to bypass network security measures.

This requirement applies only to the forwarding of source-routed traffic, such as when IPv4 forwarding is enabled and the system is functioning as a router.

Procedure

  1. Run the # grep [01] /proc/sys/net/ipv4/conf/*/accept_source_route|egrep "default|all" command to verify that the system does not accept IPv4 source-routed packets.
  2. Configure the host system to deny forwarding of IPv4 source-routed packets.
    1. Open the /etc/sysctl.conf file with a text editor.
    2. If the values are not set to 0, ensure that the net.ipv4.conf.all.accept_source_route=0 and net.ipv4.conf.default.accept_source_route=0 entries are present in the file.
    3. Save and close the file.
    4. Run # sysctl -p to apply the configuration.
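
The grep in step 1 shows only the running values, so a stray line in /etc/sysctl.conf can undo the setting the next time the file is applied. The script below is an added example, not part of the original procedure: it audits both the file and the running values, and its function names and sample file are constructed for illustration.

```shell
# Added example: audit accept_source_route in a sysctl.conf-style file
# and in a /proc/sys-style tree. Function names are hypothetical.
# conf_value FILE KEY: print the effective value of KEY in FILE.
# Comment lines are skipped, spaces around "=" are tolerated, and the
# last assignment wins because sysctl -p applies the lines in order.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            n = index($0, "=")
            if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val; else print "unset" }
    ' "$1"
}

# conf_compliant FILE: return 0 only if both keys are set to 0 in FILE.
conf_compliant() {
    rc=0
    for scope in all default; do
        key="net.ipv4.conf.$scope.accept_source_route"
        val=$(conf_value "$1" "$key")
        echo "$key = $val"
        [ "$val" = "0" ] || rc=1
    done
    return $rc
}

# runtime_compliant [ROOT]: same check on live values (default /proc/sys).
runtime_compliant() {
    root=${1:-/proc/sys}; rc=0
    for scope in all default; do
        f="$root/net/ipv4/conf/$scope/accept_source_route"
        val=$(cat "$f" 2>/dev/null || echo missing)
        echo "$f: $val"
        [ "$val" = "0" ] || rc=1
    done
    return $rc
}

# Constructed sample: a later line re-enables what an earlier one disabled.
demo=$(mktemp)
printf '%s\n' '# hardening' 'net.ipv4.conf.all.accept_source_route = 0' \
    'net.ipv4.conf.default.accept_source_route=0' \
    'net.ipv4.conf.all.accept_source_route=1' > "$demo"
conf_compliant "$demo" || echo "NOT compliant: fix the file, then run sysctl -p"
rm -f "$demo"
```

On a real host, call conf_compliant /etc/sysctl.conf and runtime_compliant with no argument after running sysctl -p.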