openstack/ansible-hardening
Code Issues Proposed changes
ansible-hardening/doc/source/stig-notes/V-38548_developer.rst
Major Hayden 31823b7647 Implemented: V-38548. 
This patch disables ICMPv6 redirects feature on the host.
Accepting ICMP redirects has few legitimate uses.
It should be disabled unless it is absolutely required.

It is configurable by ``security_disable_icmpv6_redirects`` variable.
This feature is disabled by default.

Change-Id: I12049973d351aee76b95153779c6545e4c7cf00c
2016-08-23 16:07:48 +00:00

533 B
Raw Blame History

Opt-in required

Accepting ICMP redirects has few legitimate uses. It should be disabled unless it is absolutely required.

It is configurable by security_disable_icmpv6_redirects variable. This feature is disabled by default. Disabling IPv6 redirects can cause issues with OpenStack environments which have IPv6 enabled and are routing IPv6 traffic.

Deployers can opt-in to this change and disable ICMPv6 redirects by setting the following Ansible variable:

security_disable_icmpv6_redirects: yes