STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 7 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

V-22412

CAT II (Medium)

The system must not apply reversed source routing to TCP responses.

Rule ID

SV-46156r1_rule

STIG

SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

Version

V1R12

CCIs

CCI-001551

Discussion

Source-routed packets allow the source of the packet to suggest routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures.

Check Content

Check the reverse source route settings for the system:
# sysctl net.ipv4.conf.all.accept_source_route
# sysctl net.ipv4.conf.default.accept_source_route

If either setting has a value other than zero, this is a finding.

Fix Text

Add the entries in /etc/sysctl.conf to disable reverse source routing:
# printf "sysctl net.ipv4.conf.all.accept_source_route = 0\n" >> /etc/sysctl.conf
# printf "sysctl net.ipv4.conf.default.accept_source_route = 0\n" >> /etc/sysctl.conf

Activate the updated settings:
# /sbin/sysctl -p /etc/sysctl.conf