IP forwarding for IPv4 must not be enabled, unless the system is a router.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-51315 | OSX8-00-01205 | SV-65525r1_rule | Medium |
| Description |
|---|
| IP forwarding for IPv4 must not be enabled, unless the system is a router. |
| STIG | Date |
|---|---|
| Apple OS X 10.8 (Mountain Lion) Workstation STIG | 2015-02-10 |
Details
| Check Text ( C-53663r1_chk ) |
|---|
| To check if IP forwarding is enabled, run the following command: sysctl net.inet.ip.forwarding | awk '{ print $NF }' If the value is not "0", this is a finding. |
| Fix Text (F-56115r1_fix) |
|---|
| To configure the system to disable IPv4 forwarding, add the following line to /etc/sysctl.conf: net.inet.ip.forwarding=0 |