STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Red Hat Enterprise Linux 10 Security Technical Implementation Guide

V-281354

CAT II (Medium)

RHEL 10 must not accept router advertisements on all Internet Protocol version 6 (IPv6) interfaces.

Rule ID

SV-281354r1167212_rule

STIG

Red Hat Enterprise Linux 10 Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-002385CCI-001109

Discussion

An illicit router advertisement message could result in a man-in-the-middle attack. Satisfies: SRG-OS-000420-GPOS-00186, SRG-OS-000142-GPOS-00085

Check Content

Note: If IPv6 is disabled on the system, this requirement is not applicable.

Verify RHEL 10 does not accept router advertisements on all IPv6 interfaces, unless the system is a router.

Check that "net.ipv6.conf.all.accept_ra" is set to not accept router advertisements by using the following command:

$ sudo sysctl net.ipv6.conf.all.accept_ra
net.ipv6.conf.all.accept_ra = 0

If "net.ipv6.conf.all.accept_ra" is not set to "0" or is missing, this is a finding.

Fix Text

Configure RHEL 10 to not accept router advertisements on all IPv6 interfaces, unless the system is a router.

Create a configuration file if it does not already exist:

$ sudo vi /etc/sysctl.d/ipv4_accept_ra.conf

Add the following line to the file:

net.ipv6.conf.all.accept_ra = 0

Reload settings from all system configuration files with the following command:

$ sudo sysctl --system