alpinelinux / docker-alpine

Official Alpine Linux Docker image. Win at minimalism!
MIT License

Potential Vulnerability - Recommend to disable IP Forwarding (CVE-1999-0511) #278

Closed vienleidl closed 2 years ago

vienleidl commented 2 years ago

According to the security finding (115284-IP Forwarding Enabled), what should be done to fix this, or should the recommendation just be ignored because IP forwarding needs to be enabled on the container or K8s host?

docker run --rm alpine:latest sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

Description: If this machine is not a router or a firewall, then IP forwarding should not be activated. Note: Disabling IP Forward on containers and/or Kubernetes hosts may cause issues and may not be applicable.

Impact: If this machine is not intended to be a router, then it may allow a malicious user to access your internal network.

ncopa commented 2 years ago

This is a kernel setting, and containers do not run their own kernel. This is a host setting (and thus has nothing to do with the Alpine Linux container image).

You can disable it with echo 0 >/proc/sys/net/ipv4/ip_forward on the host OS if that is what you want to do. But most users want to have network connectivity in their containers, and they normally get that by routing via the host, so the host needs ip_forward.

Also keep in mind that containers (and Linux namespaces) were not invented in 2005, so the recommendations back then were different from today's.
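To turn the answer above into something a host owner can run when triaging this scanner finding, here is an added POSIX shell audit script (example code, not part of alpinelinux/docker-alpine or any scanner). It reads net.ipv4.ip_forward and the per-interface forwarding flags from /proc, then uses one assumed heuristic to decide whether the finding is expected: if a Linux bridge exists (docker0, cni0, a br-* network and so on expose a bridge directory under /sys/class/net/<if>/), the host is routing for containers or VMs and forwarding should stay on. Both root paths are parameters so the logic can be exercised against a constructed directory tree.

```shell
#!/bin/sh
# audit_ip_forward.sh -- triage the "IP forwarding enabled" scanner finding.
# Added example, not part of the alpinelinux/docker-alpine project.
# The functions take a proc root (default /proc) and a sys root (default /sys)
# so the same logic can be run against a constructed tree for testing.

# Print the value of net.ipv4.ip_forward as seen under the given proc root,
# or "unknown" when the file cannot be read.
ip_forward_state() {
  f="${1:-/proc}/sys/net/ipv4/ip_forward"
  if [ -r "$f" ]; then
    tr -d '[:space:]' < "$f"
  else
    echo unknown
  fi
  return 0
}

# Print one line per interface whose per-interface forwarding flag is 1,
# skipping the "all" and "default" pseudo-entries.
forwarding_ifaces() {
  for d in "${1:-/proc}"/sys/net/ipv4/conf/*/; do
    name=$(basename "$d")
    case "$name" in all|default) continue ;; esac
    if [ "$(cat "${d}forwarding" 2>/dev/null | tr -d '[:space:]')" = "1" ]; then
      printf '%s\n' "$name"
    fi
  done
  return 0
}

# Succeed if at least one Linux bridge exists under the given sys root.
# Assumed heuristic: a bridge means this host routes for containers or VMs.
has_bridge() {
  for b in "${1:-/sys}"/class/net/*/bridge; do
    if [ -d "$b" ]; then
      return 0
    fi
  done
  return 1
}

# Verdict for the finding:
#   off     - forwarding already disabled, nothing to do
#   keep    - forwarding on and a bridge exists; the finding is expected on a
#             container/VM host, record it as an accepted risk
#   disable - forwarding on with no bridge; candidate for
#             sysctl -w net.ipv4.ip_forward=0 plus a persistent sysctl.d entry
#   unknown - value could not be read (no /proc, or not a Linux host)
ip_forward_verdict() {
  proc_root="${1:-/proc}"
  sys_root="${2:-/sys}"
  case "$(ip_forward_state "$proc_root")" in
    1) if has_bridge "$sys_root"; then echo keep; else echo disable; fi ;;
    0) echo off ;;
    *) echo unknown ;;
  esac
  return 0
}

# Audit the live host only when asked explicitly: ./audit_ip_forward.sh --audit
if [ "${1:-}" = "--audit" ]; then
  printf 'net.ipv4.ip_forward = %s\n' "$(ip_forward_state)"
  printf 'forwarding interfaces: %s\n' "$(forwarding_ifaces | tr '\n' ' ')"
  printf 'verdict: %s\n' "$(ip_forward_verdict)"
fi
```

Run it on the host, not inside a container: a container shares the host kernel, so the value printed there is not something the image controls. On a Docker host the verdict will normally be "keep", because dockerd enables net.ipv4.ip_forward at start-up unless it is run with --ip-forward=false; a "disable" verdict on a machine with no bridge and no routing role is the case the original recommendation is actually aimed at.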