Lateral movement. That’s the nightmare scenario this simple hardening tip helps prevent. A compromised server shouldn’t automatically become a pivot point to your entire network. Yet, I still see this misconfiguration everywhere.
Your Linux servers are not routers unless they were explicitly built to be. With IP forwarding enabled, the kernel relays packets between interfaces for anything that can address traffic through the host, so a compromised server becomes a layer-3 pivot into segments the attacker could not otherwise reach. Disabling it does not stop a root-level intruder, who can flip the bit back or run a userland proxy, but it closes the silent, no-tools path and it is the baseline CIS expects on any non-routing host. The exceptions are hosts that are routers by design: gateways, VPN concentrators, and container or virtualization hosts, where Docker, Kubernetes (kubelet) and libvirt all need net.ipv4.ip_forward = 1 and some of them re-enable it at startup.
The fix is straightforward and takes seconds. Set these kernel parameters in /etc/sysctl.conf:
net.ipv4.ip_forward = 0
net.ipv6.conf.all.forwarding = 0
Then apply them with sudo sysctl -p. Note that sysctl -p reloads /etc/sysctl.conf only; if you keep settings in /etc/sysctl.d/, use sudo sysctl --system instead. CIS's remediation also flushes the route cache afterwards (sysctl -w net.ipv4.route.flush=1 and net.ipv6.route.flush=1) so no cached forwarding decision survives. This ensures your non-router systems are just that: endpoints, not gateways. Don't leave this door open.
Take action today. Verify and disable IP forwarding on all non-router Linux systems. Check with sysctl net.ipv4.ip_forward net.ipv6.conf.all.forwarding (both should report 0), and check again after any container runtime or virtualization daemon starts, because Docker and libvirt turn it back on.
The fix
# /etc/sysctl.conf
net.ipv4.ip_forward = 0
net.ipv6.conf.all.forwarding = 0
# Apply (reloads /etc/sysctl.conf only; use 'sudo sysctl --system' to also load /etc/sysctl.d/)
sudo sysctl -p
# Flush the route cache so cached forwarding decisions are dropped (CIS remediation step)
sudo sysctl -w net.ipv4.route.flush=1 net.ipv6.route.flush=1
# Verify: both should print 0
sysctl net.ipv4.ip_forward net.ipv6.conf.all.forwarding
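An audit script to go with the fix, added here as an example (it is not from the original post and not CIS's own audit procedure). It compares the live /proc/sys value with what the sysctl config files would apply at boot, which catches the two ways this control quietly fails: a drop-in that persists 1, and a runtime such as Docker that flips the bit after boot. The function names, the drop-in file name in disable_forwarding, and the fixture it runs against are made up for the example; the root directory arguments exist only so the logic can be exercised without root or a real kernel.

```shell
#!/bin/sh
# Added example: audit IP forwarding against both the live kernel and the
# persisted sysctl configuration. Not from the original post; names and the
# fixture below are invented for illustration.

# The two keys the CIS "Ensure IP forwarding is disabled" control covers.
FORWARDING_KEYS="net.ipv4.ip_forward net.ipv6.conf.all.forwarding"

# running_value KEY [PROCSYS_ROOT]
# Live kernel value read from /proc/sys (root is overridable for testing).
running_value() {
    key=$1
    root=${2:-/proc/sys}
    path="$root/$(printf '%s' "$key" | tr . /)"
    if [ -r "$path" ]; then cat "$path"; else echo unknown; fi
}

# persisted_value KEY FILE...
# Value a boot-time load would end with: files are applied in the order given
# and the last assignment wins. procps 'sysctl --system' reads
# /etc/sysctl.d/*.conf before /etc/sysctl.conf, so pass them in that order.
persisted_value() {
    key=$1; shift
    pattern=$(printf '%s' "$key" | sed 's/\./\\./g')
    value=unset
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(sed -n "s/^[[:space:]]*${pattern}[[:space:]]*=[[:space:]]*\([01]\).*/\1/p" "$f" | tail -n 1)
        [ -n "$v" ] && value=$v
    done
    echo "$value"
}

# check_key KEY PROCSYS_ROOT FILE...
# Prints "KEY running=R persisted=P: verdict"; returns 0 only when the live
# value is 0 and no config file sets it to 1 (an unset key boots to the
# kernel default of 0, which CIS accepts).
check_key() {
    key=$1; root=$2; shift 2
    r=$(running_value "$key" "$root")
    p=$(persisted_value "$key" "$@")
    verdict=ok
    if [ "$p" = 1 ]; then
        verdict="persisted as 1: a config file re-enables forwarding at boot"
    elif [ "$r" != 0 ]; then
        verdict="running=$r but config says $p: something (container runtime, script) sets it after boot"
    fi
    printf '%s running=%s persisted=%s: %s\n' "$key" "$r" "$p" "$verdict"
    [ "$verdict" = ok ]
}

# audit_host: run check_key for every key against this machine. Returns 1 if
# any key fails, so it can gate a config-management run or a cron alert.
audit_host() {
    rc=0
    for key in $FORWARDING_KEYS; do
        check_key "$key" /proc/sys /etc/sysctl.d/*.conf /etc/sysctl.conf || rc=1
    done
    return $rc
}

# disable_forwarding: remediation as CIS lays it out (set live values, flush
# the route cache) plus a drop-in to persist it. Needs root; the drop-in file
# name is a hypothetical choice. Not run in this example.
disable_forwarding() {
    for key in $FORWARDING_KEYS; do
        sysctl -w "$key=0"
    done
    sysctl -w net.ipv4.route.flush=1 net.ipv6.route.flush=1
    printf 'net.ipv4.ip_forward = 0\nnet.ipv6.conf.all.forwarding = 0\n' \
        > /etc/sysctl.d/60-disable-ip-forwarding.conf
}

# build_fixture DIR: constructed host image (not real data). The config
# persists 0 (sysctl.conf is read last and overrides the stale drop-in), but
# the live IPv4 value is 1, the signature of a daemon flipping it after boot.
build_fixture() {
    d=$1
    mkdir -p "$d/proc/net/ipv4" "$d/proc/net/ipv6/conf/all" "$d/sysctl.d"
    echo 1 > "$d/proc/net/ipv4/ip_forward"
    echo 0 > "$d/proc/net/ipv6/conf/all/forwarding"
    printf 'net.ipv4.ip_forward = 0\nnet.ipv6.conf.all.forwarding = 0\n' > "$d/sysctl.conf"
    printf '# drop-in left by an earlier experiment\nnet.ipv4.ip_forward=1\n' > "$d/sysctl.d/10-old.conf"
}

# Demo against the fixture (use audit_host on a real machine).
fixture=$(mktemp -d)
build_fixture "$fixture"
for key in $FORWARDING_KEYS; do
    check_key "$key" "$fixture/proc" "$fixture"/sysctl.d/*.conf "$fixture/sysctl.conf" || :
done
rm -rf "$fixture"
```

On the fixture the IPv4 line reports running=1 persisted=0 with the "sets it after boot" verdict, while IPv6 reports ok; on a real host, run audit_host after the container runtime is up, since that is when the drift appears.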
Reference: CIS Linux Benchmark 3.1.1, "Ensure IP forwarding is disabled" (the section number varies between benchmark versions and distributions; search by the control title).