Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 972513 - The system must use a reverse-path filter for IPv4 network traffic when possible on all interfaces.
The system must use a reverse-path filter for IPv4 network traffic when possi...
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: initscripts (Show other bugs)
All Linux
unspecified Severity high
: rc
: ---
Assigned To: Lukáš Nykrýn
Depends On: 972512
Blocks: 972517
  Show dependency treegraph
Reported: 2013-06-09 15:50 EDT by Jason Pyeron
Modified: 2016-11-25 08:02 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-06-13 10:20:56 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
RHEL6 STIG patch (451 bytes, patch)
2013-06-09 15:50 EDT, Jason Pyeron
no flags Details | Diff
specfile patch (1.31 KB, patch)
2013-06-09 15:51 EDT, Jason Pyeron
no flags Details | Diff

  None (edit)
Description Jason Pyeron 2013-06-09 15:50:10 EDT
Created attachment 758910 [details]
RHEL6 STIG patch

Description of problem:

The default configuration is not conforming to best practices. The Red Hat Enterprise Linux 6 Security Technical Implementation Guide (STIG) v1.2 published by the Defense Information Systems Agency recommends the changes in the attached patch.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:

perform a yum install

Actual results:

root@test /tmp/setup
# sysctl net.ipv4.conf.all.rp_filter
net.ipv4.conf.all.rp_filter = 0

Expected results:

$ sysctl net.ipv4.conf.all.rp_filter

The output of the command should indicate a value of "1". If this value is not the default value, investigate how it could have been adjusted at runtime, and verify it is not set improperly in "/etc/sysctl.conf".

Additional info:

see: http://iase.disa.mil/stigs/os/unix/red_hat.html
Comment 1 Jason Pyeron 2013-06-09 15:51:51 EDT
Created attachment 758911 [details]
specfile patch
Comment 3 Václav Pavlín 2013-06-13 10:20:56 EDT
Hi, this bug changes the default behaviour of the system and we don't think it is appropriate to do this in a midstream RHEL 6 release.

Note You need to log in before you can comment on or make changes to this bug.