STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Oracle Linux 9 Security Technical Implementation Guide

V-271872

CAT II (Medium)

OL 9 must not enable IPv4 packet forwarding unless the system is a router.

Rule ID

SV-271872r1092328_rule

STIG

Oracle Linux 9 Security Technical Implementation Guide

Version

V1R5

CCIs

CCI-000366

Discussion

Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this capability is used when not required, system network information may be unnecessarily transmitted across the network.

Check Content

Verify that OL 9 is not performing IPv4 packet forwarding, unless the system is a router.

Check that IPv4 forwarding is disabled using the following command:

$ sysctl net.ipv4.conf.all.forwarding
net.ipv4.conf.all.forwarding = 0

If the IPv4 forwarding value is not "0" and is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.

Fix Text

Configure OL 9 to not allow IPv4 packet forwarding unless the system is a router.

Add or edit the following line in a single system configuration file in the "/etc/sysctl.d/" directory:

net.ipv4.conf.all.forwarding = 0

Load settings from all system configuration files with the following command:

$ sudo sysctl --system