Rule ID
SV-281345r1167185_rule
Version
V1R1
Enabling reverse path filtering drops packets with source addresses that should not have been able to be received on the interface on which they were received. It must not be used on systems that are routers for complicated networks but is helpful for end hosts and routers serving small networks. Satisfies: SRG-OS-000420-GPOS-00186, SRG-OS-000142-GPOS-00076
Verify RHEL 10 uses reverse path filtering on all IPv4 interfaces. Check the value of the "net.ipv4.conf.all.rp_filter" variable with the following command: $ sudo sysctl net.ipv4.conf.all.rp_filter net.ipv4.conf.all.rp_filter = 1 If "net.ipv4.conf.all.rp_filter" is not set to "1" or is missing, this is a finding.
Configure RHEL 10 to use reverse path filtering on all IPv4 interfaces. Create a configuration file if it does not already exist: $ sudo vi /etc/sysctl.d/99-ipv4_rp_filter.conf Add the following line to the file: net.ipv4.conf.all.rp_filter = 1 Reload settings from all system configuration files with the following command: $ sudo sysctl --system