https://community.hpe.com/t5/operating-system-hp-ux/bastille-does-not-lock-down-ip-forwarding/m-p/5155911#M732327 /var/opt/sec_mgmt/bastille/TODO.txt :)<BR /><BR />Yes manual entry needed<BR /> Tue, 10 Feb 2009 06:01:55 GMT CITEC HP TEAM 2009-02-10T06:01:55Z https://community.hpe.com/t5/operating-system-hp-ux/bastille-does-not-lock-down-ip-forwarding/m-p/5155910#M732326 As per the doco running Bastille for HOST.config should lock down ip_forwaring and update /etc/rc.config.d/nndconf with the following:<BR /><BR />The following ndd changes will be made:<BR /><BR />ip_forward_directed_broadcasts=0<BR />ip_forward_src_routed=0<BR />ip_forwarding=0<BR />ip_ire_gw_probe=0<BR />ip_pmtu_strategy=1<BR />ip_send_source_quench=0<BR />tcp_conn_request_max=4096<BR />tcp_syn_rcvd_max=1000<BR /><BR />We have run this on several 11.11 and 11.23 systems and nndconf was not updated.<BR /><BR />However, for 11.31 it was.<BR /><BR />Does anyone know the cause?<BR /><BR />If these settings are not already in the file then is it the case that running bastille with HOST.config will not update nndconf?<BR /><BR />Many thanks,<BR />USG2 - CITEC Tue, 10 Feb 2009 05:36:06 GMT https://community.hpe.com/t5/operating-system-hp-ux/bastille-does-not-lock-down-ip-forwarding/m-p/5155910#M732326 CITEC HP TEAM 2009-02-10T05:36:06Z https://community.hpe.com/t5/operating-system-hp-ux/bastille-does-not-lock-down-ip-forwarding/m-p/5155911#M732327 /var/opt/sec_mgmt/bastille/TODO.txt :)<BR /><BR />Yes manual entry needed<BR /> Tue, 10 Feb 2009 06:01:55 GMT https://community.hpe.com/t5/operating-system-hp-ux/bastille-does-not-lock-down-ip-forwarding/m-p/5155911#M732327 CITEC HP TEAM 2009-02-10T06:01:55Z