UCF STIG Viewer Logo

The system must not accept source-routed IPv4 packets.


Overview

Finding ID Version Rule ID IA Controls Severity
V-51311 OSX8-00-01195 SV-65521r1_rule Medium
Description
The system must not accept source-routed IPv4 packets.
STIG Date
Apple OS X 10.8 (Mountain Lion) Workstation STIG 2015-02-10

Details

Check Text ( C-53659r3_chk )
To check if the system is configured to accept source-routed packets, run the following command:

sysctl net.inet.ip.accept_sourceroute | awk '{ print $NF }'

If the value is not "0", this is a finding.
Fix Text (F-56111r1_fix)
To configure the system to not accept source-routed packets, add the following line to /etc/sysctl.conf:

net.inet.ip.accept_sourceroute=0