Red Hat Bugzilla – Bug 972513
The system must use a reverse-path filter for IPv4 network traffic when possible on all interfaces.
Last modified: 2016-11-25 08:02:50 EST
Created attachment 758910
RHEL6 STIG patch
Description of problem:
The default configuration is not conforming to best practices. The Red Hat Enterprise Linux 6 Security Technical Implementation Guide (STIG) v1.2 published by the Defense Information Systems Agency recommends the changes in the attached patch.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Perform a yum install
# sysctl net.ipv4.conf.all.rp_filter
net.ipv4.conf.all.rp_filter = 0
$ sysctl net.ipv4.conf.all.rp_filter
The output of the command should indicate a value of "1". If this value is not the default value, investigate how it could have been adjusted at runtime, and verify it is not set improperly in "/etc/sysctl.conf".
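The check described above, extended to the persistent setting and to each interface, as an added example that is not part of the bug report or the attached STIG patch. It relies on the kernel using the larger of conf/all and conf/<iface> when validating a source address; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit rp_filter in a sysctl.conf-style file and a /proc/sys-style tree.

# Last value assigned to net.ipv4.conf.all.rp_filter in the file ("unset" if none).
# Later assignments override earlier ones; '.' and '/' key separators are both accepted.
conf_rp_filter() {
    awk -F= '
        /^[ \t]*[#;]/ { next }                      # comment lines
        NF >= 2 {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val); gsub(/\//, ".", key)
            if (key == "net.ipv4.conf.all.rp_filter") last = val
        }
        END { print (last == "" ? "unset" : last) }
    ' "$1"
}

# Interfaces whose effective rp_filter is not 1, one "iface=value" per line.
# Effective value = larger of conf/all and conf/<iface>.
runtime_noncompliant() {
    dir=${1:-/proc/sys/net/ipv4/conf}
    all=$(cat "$dir/all/rp_filter")
    for f in "$dir"/*/rp_filter; do
        iface=$(basename "$(dirname "$f")")
        case $iface in all|default) continue ;; esac
        eff=$(cat "$f")
        [ "$all" -gt "$eff" ] && eff=$all
        [ "$eff" -eq 1 ] || echo "$iface=$eff"
    done
}

# Constructed sample data (not taken from the bug report).
SAMPLE=$(mktemp -d)
printf '%s\n' '# constructed sample' 'net.ipv4.conf.all.rp_filter = 1' \
    'net.ipv4.conf.all.rp_filter=0' > "$SAMPLE/sysctl.conf"
for i in all default eth0 eth1 lo; do mkdir -p "$SAMPLE/conf/$i"; done
echo 0 > "$SAMPLE/conf/all/rp_filter"
echo 1 > "$SAMPLE/conf/default/rp_filter"
echo 1 > "$SAMPLE/conf/eth0/rp_filter"
echo 0 > "$SAMPLE/conf/eth1/rp_filter"
echo 0 > "$SAMPLE/conf/lo/rp_filter"

echo "sysctl.conf sets all.rp_filter to: $(conf_rp_filter "$SAMPLE/sysctl.conf")"
echo "interfaces not in strict mode:"
runtime_noncompliant "$SAMPLE/conf"
```

On a live system, call `conf_rp_filter /etc/sysctl.conf` and `runtime_noncompliant` with no argument to read `/proc/sys/net/ipv4/conf`.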
Created attachment 758911
Hi, this bug changes the default behaviour of the system and we don't think it is appropriate to do this in a midstream RHEL 6 release.