As a security best practice, verify that the host system denies IPv4 forwarding. If the system is configured for IP forwarding and is not a designated router, it could be used to bypass network security by providing a path for communication that is not filtered by network devices.

1

Run the # cat /proc/sys/net/ipv4/ip_forward command to verify whether the host denies IPv4 forwarding.

2

Configure the host system to deny IPv4 forwarding.

a

Open the /etc/sysctl.conf to configure the host system.

b

If the value is not set to 0, add the following entry to the file or update the existing entry accordingly. Set the value to 0.

net.ipv4.ip_forward=0  
c

Save the changes and close the file.