STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

V-22412

CAT II (Medium)

The system must not apply reversed source routing to TCP responses.

Rule ID

SV-46156r1_rule

STIG

SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

Version

V1R12

CCIs

CCI-001551

Discussion

Source-routed packets allow the source of the packet to suggest routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures.

Check Content

Check the reverse source route settings for the system:
# sysctl net.ipv4.conf.all.accept_source_route
# sysctl net.ipv4.conf.default.accept_source_route

If either setting has a value other than zero, this is a finding.

Fix Text

Add the entries in /etc/sysctl.conf to disable reverse source routing:
# printf "sysctl net.ipv4.conf.all.accept_source_route = 0\n" >> /etc/sysctl.conf
# printf "sysctl net.ipv4.conf.default.accept_source_route = 0\n" >> /etc/sysctl.conf

Activate the updated settings:
# /sbin/sysctl -p /etc/sysctl.conf