716232cef6
This patch provides documentation for: https://review.openstack.org/397877 Implements: blueprint security-rhel7-stig Change-Id: I1719ccb5b9818f6477e515cba6b9d1d9b29e2ab4
605 B
605 B
---id: RHEL-07-040730 status: opt-in tag: kernel ---
Disabling IP forwarding on a system that routes packets or host
virtual machines might cause network interruptions. The tasks in this
role do not adjust the net.ipv4.ip_forward configuration by
default.
Deployers can opt in for this change and disable IP forwarding by setting the following Ansible variable:
security_disallow_ip_forwarding: yesWarning
IP forwarding is required in some environments. Always test in a non-production environment before changing this setting on a production system.