716232cef6
This patch provides documentation for: https://review.openstack.org/397877 Implements: blueprint security-rhel7-stig Change-Id: I1719ccb5b9818f6477e515cba6b9d1d9b29e2ab4
434 B
434 B
---id: RHEL-07-040420 status: implemented tag: kernel ---
The tasks in this role set
net.ipv4.conf.default.send_redirects and
net.ipv4.conf.all.send_redirects to 0 by
default. This prevents a system from sending IPv4 ICMP redirect packets
on all new and existing interfaces.
Deployers can opt out of this change by setting the following Ansible variable:
security_disallow_icmp_redirects: no