
Strengthen Firewall Configuration if Possible

An XCCDF Group

Description

If the SSH server is expected to receive connections only from the local network, then strengthen the default firewall rule for the SSH service so that it accepts connections only from the appropriate network segment(s).

Determine an appropriate network block (netwk), network mask (mask), and network protocol (ip_protocol) representing the systems on your network that will be allowed to access this SSH server.

Run the following command:

firewall-cmd --permanent --add-rich-rule='rule family="ip_protocol" source address="netwk/mask" service name="ssh" accept'
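
A dry-run sketch of the procedure above, added here and not part of the guide: it checks ip_protocol, netwk and mask before building the rich rule, then prints the commands instead of running them. The function names, the sample network 192.168.1.0/24, the restriction of mask to a prefix length, and the remove-service step (which assumes the zone currently allows the ssh service from any source, so the rich rule alone would not narrow access) are assumptions.

```shell
#!/bin/sh
# Added example: validate the inputs, build the rich rule, print the commands.
# Nothing is applied to the firewall; the output is meant for review.

# Print the rich rule for a checked family and netwk/mask; return 1 otherwise.
build_ssh_rich_rule() {
    family=$1; cidr=$2
    addr=${cidr%/*}; mask=${cidr##*/}
    case $cidr in */*) ;; *) echo "source must be netwk/mask" >&2; return 1 ;; esac
    # Assumption: mask is a prefix length of at most three digits.
    case $mask in
        ''|*[!0-9]*|????*) echo "mask must be a prefix length" >&2; return 1 ;;
    esac
    case $family in
        ipv4) max=32;  case $addr in ''|*[!0-9.]*) bad=1 ;; *) bad=0 ;; esac ;;
        ipv6) max=128; case $addr in ''|*[!0-9A-Fa-f:]*) bad=1 ;; *) bad=0 ;; esac ;;
        *) echo "ip_protocol must be ipv4 or ipv6" >&2; return 1 ;;
    esac
    if [ "$bad" -eq 1 ]; then
        echo "netwk does not look like an $family address" >&2; return 1
    fi
    # A /0 source matches every host and would defeat the restriction.
    if [ "$mask" -lt 1 ] || [ "$mask" -gt "$max" ]; then
        echo "mask must be between 1 and $max" >&2; return 1
    fi
    printf 'rule family="%s" source address="%s/%s" service name="ssh" accept\n' \
        "$family" "$addr" "$mask"
}

# Print the command sequence for review (dry run).
ssh_firewall_plan() {
    rule=$(build_ssh_rich_rule "$1" "$2") || return 1
    printf "firewall-cmd --permanent --add-rich-rule='%s'\n" "$rule"
    # Assumption: the zone still lists the plain ssh service, which accepts
    # any source; drop it so only the rich rule admits SSH.
    printf 'firewall-cmd --permanent --remove-service=ssh\n'
    printf 'firewall-cmd --reload\n'
    printf 'firewall-cmd --list-all\n'
}

# Constructed sample input: a private IPv4 segment.
ssh_firewall_plan ipv4 192.168.1.0/24
```

Review the printed commands from a console session that does not depend on SSH before applying them, since the reload activates the narrower rule.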

ID
xccdf_org.ssgproject.content_group_sshd_strengthen_firewall