947 B
---id: V-38528 status: exception tag: misc ---
Exception
The STIG requires that all martian packets are logged by setting the
sysctl parameter net.ipv4.conf.all.log_martians to
1.
Although the logs can be valuable in some situations, the setting can generate a significant amount of logging in OpenStack environments, especially those that use neutron's Linux bridge networking. In some situations, the logging can flood the physical terminal and make troubleshooting at the console or via out of band (like iKVM, DRAC and iLO) extremely difficult.
The role will ensure that martian packet logging is disabled by default. Deployers that need this logging enabled will need to set the following Ansible variable:
security_sysctl_enable_martian_logging: yesWikpedia's article on martian packets provides additional information.