having static ip address of 192.168.1.1
and a netmask of 255.255.255.0

my system works fine, without setting a default gateway it can see other computers on my local network of 192.168.1.# through a network switch, no router. everything works fine, and there is no outside or internet access nor does there need to be.

i'm told a default gateway needs to be set, what value do i use?

Told by whom? If you are not trying to access any network addresses other than your local segment, there is no use for a gateway address.

You only need a gateway address if you wish to access IP addresses outside of the subnet.

The IP address plus subnet mask determines what is in and what is out of subnet.

these people: https://stigviewer.com/stig/unix_srg...finding/V-4397

The system must be configured with a default gateway for IPv4 if the system uses IPv4, unless the system is a router.

If a system has no default gateway defined, the system is at increased risk of man-in-the-middle, monitoring, and Denial-of-Service attacks.

those same people also tell me i need a separate file system partition for
/home {V-12003}
/tmp {V-23739}
/var {V-23736}
/var/log/audit {V-23738}

so in addition to /dev/sda1 my efi boot partition, and
/dev/sda2 my / ext 3 partition,
i need to make 4 other partitions on the disk.. or use more hard drives.

As an old co-worker worker so eloquently put it, "They want a number? Give them a {expletive} number!" Pick an unused address in your local network and configure that as the gateway for the default route. It will be a "router" that is always down.

It is a bit hard for an IPv4 system to be attacked when there is no gateway(ip).

You should just try it without a gateway address and see if you can access the outside world.

I don't wish to be rude but, perhaps, it is worth finding out what a default gateway does, what a partition is and why one would use more than one on a Linux install and a few other details before jumping in and trying to use whatever product this is you are trying to install (I am guessing some kind of security toolkit?).

"A default gateway in computer networking is the node that is assumed to know how to forward packets on to other networks."

I already know if i only set up a static ip address and subnet mask but no dns and no gateway values then a user cannot easily get out past that initial network switch/router it's connected to. This is with that switch/router the system is connected to having an uplink to other switches/routers that then make it to a gateway getting out to outside networks and the internet.
I guess that opens up the question: can a user with no elevated privilege on a linux system still somehow get data in/out from the system over the network when it's set up like that without a gateway?

I want to understand why setting a default gateway is better.. how it is "at increased risk" according to what is said when no gateway is set?
I would think... just like not installing software you don't need... if a gateway is NOT set then would i not be better off ? It's a simple isolated network, and i do NOT want connectivity to any outside network beyond what computers are connected to this one 16-port or 24-port network switch (not router).


if i set the default gateway to some bogus address that no computer is on,
the big thing these days being insider threat,
since my system is physically not connected to an outside network then wouldn't setting a default gateway make it more vulnerable if someone on the inside is then able to connect some other system on that network having an ip address that is the default gateway value i set for my system.... just to give them an f'ing number ?

I found it funny you said, "As an old co-worker worker so eloquently put it..."
the key word being old co-worker...

I don't want to just give them a number though, they can go pound sand. I want to know what the best way to do it is, and why.

The context for that remark had nothing whatever to do with computers or networking, but addressed bureaucratic requests for a number for some trivial, but annoying to determine, quantity, e.g., "How many soldering irons are used in this facility?" "Just write '27' in there and be done with it. They want a number -- give them a few-king number!"

If there is no requirement to satisfy this as part of some audit, forget about it. It is meaningless to specify a gateway for an interface that has no route to anything other than its local subnet. You don't have that interface marked as a default route, do you? Is there even another machine on that subnet capable of acting as a router and forwarding packets outside the subnet?

I can tell you right now that setting a default GW will not protect you from any of the things listed on that site.

People who make claims like the ones on that site without any justification or examples (I would like to see their claims for your configuration) don't know what they're talking about.

FYI A legit man-in-the-middle attack on your configuration would occur at L2, no L3 protection will stop that.