
The system must set strict multihoming.


Overview

Finding ID: V-216138
Version: SOL-11.1-050080
Rule ID: SV-216138r959010_rule
IA Controls:
Severity: Medium
Description
These settings control whether a packet arriving on a non-forwarding interface can be accepted for an IP address that is not explicitly configured on that interface. This rule is NA for documented systems that have interfaces that cross strict networking domains (for example, a firewall, a router, or a VPN node).
STIG Date
Solaris 11 X86 Security Technical Implementation Guide 2024-05-30

Details

Check Text (C-17376r372796_chk)
Determine if strict multihoming is configured.

# ipadm show-prop -p _strict_dst_multihoming -co current ipv4
# ipadm show-prop -p _strict_dst_multihoming -co current ipv6

If the output of either command is not "1", this is a finding.
Fix Text (F-17374r372797_fix)
The Network Management profile is required.

Enable strict multihoming for IPv4 and IPv6.

# pfexec ipadm set-prop -p _strict_dst_multihoming=1 ipv4
# pfexec ipadm set-prop -p _strict_dst_multihoming=1 ipv6
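
The check text above can be scripted so that both protocols are evaluated in one pass and a failed or empty ipadm query counts as a finding. This is an added example, not part of the STIG; the function names, the IPADM override variable and the "audit" argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit _strict_dst_multihoming for ipv4 and ipv6,
# following the check text of SOL-11.1-050080.
# IPADM is a hypothetical override so the logic can be exercised off-host.
IPADM="${IPADM:-ipadm}"

# Print the current value of _strict_dst_multihoming for one protocol.
strict_mh_value() {
    "$IPADM" show-prop -p _strict_dst_multihoming -co current "$1" 2>/dev/null
}

# Return 0 when both protocols report "1", 1 when either is a finding.
# Empty output (query failed, property unreadable) is treated as a finding
# rather than silently passing.
check_strict_multihoming() {
    rc=0
    for proto in ipv4 ipv6; do
        val=$(strict_mh_value "$proto") || val=""
        if [ "$val" = "1" ]; then
            echo "PASS $proto _strict_dst_multihoming=1"
        else
            echo "FINDING $proto _strict_dst_multihoming=${val:-<no output>}"
            rc=1
        fi
    done
    return $rc
}

# Run the audit only when asked to, e.g.: sh check_multihoming.sh audit
if [ "${1:-}" = "audit" ]; then
    check_strict_multihoming
    exit $?
fi
```

The exit status is non-zero on a finding, so the script can gate a compliance job directly.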