How to disable IP forwarding in linux

This post explains what IP forwarding is in Linux, how to disable it, and how to enable it.

What is IP forwarding in linux?

IP forwarding is simply another word for routing. It is a feature of the RHEL distribution and of most recent Linux distros. It is also known as kernel IP forwarding in Linux or RHEL 7.

As mentioned, it is included in all Linux distributions, and as a security measure IP forwarding is disabled by default. IP forwarding determines the path taken by a packet that is being sent.

The IP forwarding process uses the system's routing information to decide where to send packets across networks.

Many modern cracking tools are available that can spoof internal IP addresses and attack a machine while acting as a local node on the internal LAN.

This is why it is disabled by default: to protect the system from exploitation and attack. There is also much software for managing organizational security, such as Tideway Compliance Management from BMC or BigFix from IBM, which pulls details from the server, compares them with the expected system configuration, and raises an alert if it finds any inconsistency.

So let us first see how to check whether IP forwarding is enabled or disabled in Linux before deciding which state you want it to be in.

How to check IP forwarding is enabled or disabled in linux?

Refer to the output below. You can use either command. Here the returned value is 1, which means forwarding is not disabled. The system is therefore not security compliant, and you need to disable it.

[root@host ~]# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
[root@host ~]# cat /proc/sys/net/ipv4/ip_forward
1

How to disable IP forwarding in linux?

As mentioned earlier, the IPv4 policy in the RHEL kernel keeps IP forwarding disabled to prevent a server or system from working like an edge router.

To disable IP forwarding, change the value from 1 to 0 in the kernel using the method below. Remember that you need admin or superuser privileges to change kernel parameters.

[root@host ~]# sysctl -w net.ipv4.ip_forward=0
net.ipv4.ip_forward = 0

You can validate by running the command below:

[root@host ~]# cat /proc/sys/net/ipv4/ip_forward
0

Make sure the returned value is zero. Note that this change is not yet persistent: it applies to the running system only. To make it persistent across reboots, set the parameter in the kernel parameter file as shown below.

[root@host ~]# cp -p /etc/sysctl.conf /etc/sysctl.conf.$(date +%F)
[root@host ~]# vi /etc/sysctl.conf

Change this parameter to zero and save the file:

net.ipv4.ip_forward = 0

Then load the file so that the value takes effect immediately. Keeping the value in sysctl.conf makes sure it is consistent across reboots.

[root@host ~]# sysctl -p /etc/sysctl.conf

Finally, validate using the above-mentioned commands. That’s it about how to disable IP forwarding in linux.
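
The check and the persistence step above can be verified together. The script below is an added example, not part of the original post: it compares the running value with the last uncommented net.ipv4.ip_forward line in sysctl.conf and reports any drift between the two. The function names and the ROOT prefix argument are assumptions, the fixture it runs on is constructed, and it reads only /etc/sysctl.conf, the file this post edits.

```shell
#!/bin/sh
# Added example: audit net.ipv4.ip_forward in the running kernel and in sysctl.conf.

# Print the last uncommented net.ipv4.ip_forward value in a sysctl.conf-style
# file, or "unset" when the file is missing or has no such line.
persisted_ip_forward() {
    [ -r "$1" ] || { echo unset; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }    # comment lines start with # or ;
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "net.ipv4.ip_forward" { val = $2; gsub(/[ \t]/, "", val); last = val }
        END { print (last == "" ? "unset" : last) }
    ' "$1"
}

# Compare runtime and persisted values. $1 is an assumed ROOT prefix
# (empty for the live system) so the check can run on a fixture tree.
audit_ip_forward() {
    root="${1:-}"
    runtime=$(cat "$root/proc/sys/net/ipv4/ip_forward" 2>/dev/null || echo unknown)
    persisted=$(persisted_ip_forward "$root/etc/sysctl.conf")
    case "$runtime:$persisted" in
        0:0)     echo "OK runtime=0 persisted=0" ;;
        0:unset) echo "WARN runtime=0 persisted=unset" ;;
        0:*)     echo "DRIFT runtime=0 persisted=$persisted (reverts on sysctl -p or reboot)" ;;
        1:0)     echo "DRIFT runtime=1 persisted=0 (run sysctl -p /etc/sysctl.conf)" ;;
        *)       echo "FAIL runtime=$runtime persisted=$persisted" ;;
    esac
}

# Constructed fixture: sysctl -w set the runtime value to 0, but sysctl.conf
# still carries net.ipv4.ip_forward = 1.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/proc/sys/net/ipv4" "$demo_root/etc"
echo 0 > "$demo_root/proc/sys/net/ipv4/ip_forward"
printf '%s\n' '# net.ipv4.ip_forward = 0' 'net.ipv4.ip_forward = 1' \
    > "$demo_root/etc/sysctl.conf"
audit_ip_forward "$demo_root"
rm -rf "$demo_root"
```

On a live system, call audit_ip_forward with no argument; anything other than the OK line means the runtime and persisted settings do not both say 0.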

How to enable IP forwarding in linux?

Enabling IP forwarding in Linux is almost the same: you revert what is described above for disabling it. The steps are as follows.

1. Use the steps from the section on how to check whether IP forwarding is enabled or disabled in Linux. You can use either command or both. The example below shows a return value of 1, which means it is enabled.

[root@host ~]# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
[root@host ~]# cat /proc/sys/net/ipv4/ip_forward
1

2. Save a copy of the kernel parameter file before making a change, so that you have a golden copy if you need to revert for any reason.

[root@host ~]# cp -p /etc/sysctl.conf /etc/sysctl.conf.$(date +%F)

3. Use the process described for disabling IP forwarding in Linux, but change the value from zero to 1.

[root@host ~]# sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1

You can validate by running the command below:

[root@host ~]# cat /proc/sys/net/ipv4/ip_forward
1

Make sure the returned value is 1. Note that this change is not yet persistent: it applies to the running system only. To make it persistent across reboots, set the parameter in the kernel parameter file as shown below.

[root@host ~]# vi /etc/sysctl.conf

Change this parameter to 1 and save the file:

net.ipv4.ip_forward = 1

Then load the file so that the value takes effect immediately. Keeping the value in sysctl.conf makes sure it is consistent across reboots.

[root@host ~]# sysctl -p /etc/sysctl.conf

Finally, validate using the commands mentioned above. That is all about how to enable IP forwarding in Linux.

We have now gone through what IP forwarding is in Linux, how to disable it, and how to enable it, which is all we expected to cover in this post.

Thank you very much for going through the post. I hope you will find this helpful. If it is, I request you to share it wherever possible, including with your friends and your fellow system administrators.