703 B
703 B
---id: V-72283 status: implemented tag: kernel ---
The tasks in this role set
net.ipv4.conf.all.accept_source_route
and
net.ipv4.conf.default.accept_source_route
to 0
by default. This prevents the system from forwarding source-routed IPv4
packets on all new and existing interfaces.
Deployers can opt out of this change by setting the following Ansible variable:
security_disallow_source_routed_packet_forward_ipv4: no
For more details on source routed packets, refer to the Red Hat documentation.