From b9ad7e57a33d0b666a4026959780b71337dbb3ea Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Wed, 30 Nov 2016 16:26:05 +0000
Subject: [PATCH] ipv6 can be used
---
 src/freedombone-tests | 9 ---------
 src/freedombone-utils-firewall | 13 +++++++++++++
 2 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/src/freedombone-tests b/src/freedombone-tests
index 233054bc..a8a9664c 100755
--- a/src/freedombone-tests
+++ b/src/freedombone-tests
@@ -577,15 +577,6 @@ function test_stig {
 output "V-38544" $? ${SETLANG}
 ################
 
- ##RHEL-06-000098
- ##The IPv6 protocol handler must not be bound to the network stack unless needed.
-
- bash $STIG_TESTS_DIR/check-ipv6-enable.sh >/dev/null 2>&1 &
-
- stig_spinner $!
- output "V-38546" $? ${SETLANG}
- ################
-
 ##RHEL-06-000099
 ##The system must ignore ICMPv6 redirects by default.
 ##If IPv6 is disabled, this is not applicable.
diff --git a/src/freedombone-utils-firewall b/src/freedombone-utils-firewall
index 1c4c00ca..9c21932b 100755
--- a/src/freedombone-utils-firewall
+++ b/src/freedombone-utils-firewall
@@ -178,6 +178,19 @@ function configure_internet_protocol {
 sed -i "s|#net.ipv4.conf.default.accept_source_route.*|net.ipv4.conf.default.accept_source_route = 0|g" /etc/sysctl.conf
 sed -i "s|net.ipv4.conf.default.accept_source_route.*|net.ipv4.conf.default.accept_source_route = 0|g" /etc/sysctl.conf
 fi
+ if ! grep -q "net.ipv4.conf.default.secure_redirects" /etc/sysctl.conf; then
+ echo "net.ipv4.conf.default.secure_redirects = 0" >> /etc/sysctl.conf
+ else
+ sed -i "s|#net.ipv4.conf.default.secure_redirects.*|net.ipv4.conf.default.secure_redirects = 0|g" /etc/sysctl.conf
+ sed -i "s|net.ipv4.conf.default.secure_redirects.*|net.ipv4.conf.default.secure_redirects = 0|g" /etc/sysctl.conf
+ fi
+ net.ipv4.conf.default.accept_redirects = 0
+ if ! grep -q "net.ipv4.conf.default.accept_redirects" /etc/sysctl.conf; then
+ echo "net.ipv4.conf.default.accept_redirects = 0" >> /etc/sysctl.conf
+ else
+ sed -i "s|#net.ipv4.conf.default.accept_redirects.*|net.ipv4.conf.default.accept_redirects = 0|g" /etc/sysctl.conf
+ sed -i "s|net.ipv4.conf.default.accept_redirects.*|net.ipv4.conf.default.accept_redirects = 0|g" /etc/sysctl.conf
+ fi
 mark_completed $FUNCNAME
 }
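Review bot: The added line `net.ipv4.conf.default.accept_redirects = 0`, sitting between the two new `if` blocks in configure_internet_protocol, is a bare sysctl entry rather than a shell statement, so bash will try to execute it as a command and fail with "command not found" (whether that aborts the run depends on error settings not visible here). It looks like a pasted note; either delete it or make it a comment, `# net.ipv4.conf.default.accept_redirects = 0`. Separately, the commit stops testing that IPv6 is disabled, yet this hunk hardens only the IPv4 redirect settings; unless `net.ipv6.conf.default.accept_redirects` is already handled in the part of the function outside the hunk, it should get the same grep/echo/sed treatment so the retained RHEL-06-000099 check has something to pass against. The settings are also written only to /etc/sysctl.conf, so they presumably take effect at the next boot or `sysctl -p` unless that is called elsewhere.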