Free DISA STIG and SRG Library | Vaulted

V-67733

IP forwarding for IPv6 must not be enabled.

Finding ID
AOSX-11-001206
Rule ID
SV-82223r1_rule
Severity
Cat II
CCE
(None)
Group Title
SRG-OS-000480-GPOS-00227
CCI
CCI-000366
Target Key
(None)
Documentable
No
Discussion

IP forwarding for IPv6 must not be enabled, as only authorized systems should be permitted to operate as routers.

Fix Text

To configure the system to disable "IP forwarding", add the following line to "/etc/sysctl.conf", creating the file if necessary: net.inet6.ip6.forwarding=0

Check Content

To check if "IP forwarding" is enabled, run the following command: sysctl net.inet6.ip6.forwarding If the values are not "0", this is a finding.