Disable source route

Signed-off-by: Tommy <[email protected]>

Author: TommyTran732

etc/sysctl.d/99-server.conf

@@ -67,6 +67,11 @@ net.ipv4.conf.*.send_redirects = 0
 net.ipv4.conf.*.accept_redirects = 0
 net.ipv6.conf.*.accept_redirects = 0
 
+# https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/6/html/security_guide/sect-security_guide-server_security-disable-source-routing
+# Disable source route
+net.ipv4.conf.*.accept_source_route = 0
+net.ipv6.conf.*.accept_source_route = 0
+
 # Check if the source of the IP address is reachable through the same interface it came in.
 # Basic IP spoofing mitigation.
 net.ipv4.conf.*.rp_filter = 1

etc/sysctl.d/99-workstation.conf

@@ -68,6 +68,11 @@ net.ipv4.conf.*.send_redirects = 0
 net.ipv4.conf.*.accept_redirects = 0
 net.ipv6.conf.*.accept_redirects = 0
 
+# https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/6/html/security_guide/sect-security_guide-server_security-disable-source-routing
+# Disable source route
+net.ipv4.conf.*.accept_source_route = 0
+net.ipv6.conf.*.accept_source_route = 0
+
 # Check if the source of the IP address is reachable through the same interface it came in
 # Basic IP spoofing mitigation.
 net.ipv4.conf.*.rp_filter = 1