V-3852*, V-3853*, V-3854*: IPv4 restrictions

These sets of STIGs are mainly meant for systems that are not performing
functions. See the documentation for exception explanations.

Implements: blueprint security-hardening

Change-Id: I7f5db959103a7b9f9a3c0be46b8abcc2471a31a5

doc/source/developer-notes/V-38523.rst

@@ -0,0 +1,13 @@
+**Exception**
+
+The STIG makes several requirements for IPv4 network restrictions, but these
+restrictions can impact certain network interfaces and cause service
+disruptions. Some security configurations make sense for certain types of
+network interfaces, like bridges, but other restrictions cause the network
+interface to stop passing valid traffic between hosts, containers, or virtual
+machines.
+
+The default network scripts and LXC userspace tools already configure various
+network devices to their most secure setting. Since some hosts will act as
+routers, enabling security configurations that restrict network traffic can
+cause service disruptions for OpenStack environments.

doc/source/developer-notes/V-38524.rst

@@ -0,0 +1 @@
+V-38523.rst

doc/source/developer-notes/V-38526.rst

@@ -0,0 +1 @@
+V-38523.rst

doc/source/developer-notes/V-38529.rst

@@ -0,0 +1 @@
+V-38523.rst

doc/source/developer-notes/V-38532.rst

@@ -0,0 +1 @@
+V-38523.rst

doc/source/developer-notes/V-38533.rst

@@ -0,0 +1 @@
+V-38523.rst

doc/source/developer-notes/V-38542.rst

@@ -0,0 +1 @@
+V-38523.rst

doc/source/developer-notes/V-38544.rst

@@ -0,0 +1 @@
+V-38523.rst