Configure the Firewalld Ports
An XCCDF Rule
Description
Configure the firewalld ports to allow approved services to have access to the system.
To configure firewalld to open ports, run the following command:
firewall-cmd --permanent --add-port=port_number/tcp
To configure firewalld to allow access for pre-defined services, run the following command:
firewall-cmd --permanent --add-service=service_name
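As an added example (not part of the SSG rule content), the POSIX shell script below checks the permanent firewalld configuration of the default zone against an approved list of ports and services, which is the verification step that complements the two firewall-cmd commands above. The approved entries and the function names are constructed placeholders; the live data comes from firewall-cmd --permanent --list-ports and --list-services.

```shell
#!/bin/sh
# Added example, not part of the SSG rule content: audit the permanent
# firewalld configuration of the default zone against an approved list.
# On a real host the entries come from "firewall-cmd --permanent
# --list-ports" (e.g. "22/tcp 8080/tcp") and "--list-services" (e.g. "ssh").
# The approved lists are constructed placeholders for the organization's.

APPROVED_PORTS="22/tcp
443/tcp"
APPROVED_SERVICES="ssh
https"

# unapproved_entries "<approved list, one per line>" "<current entries>"
# Prints each current entry missing from the approved list, one per line.
# Returns 0 when every entry is approved, 1 otherwise.
unapproved_entries() {
    approved=$1
    rc=0
    for entry in $2; do
        if ! printf '%s\n' "$approved" | grep -qxF -- "$entry"; then
            printf '%s\n' "$entry"
            rc=1
        fi
    done
    return $rc
}

# audit_firewalld "<open ports>" "<enabled services>"
# Reports unapproved ports and services; returns 0 only when both lists
# contain nothing beyond the approved entries.
audit_firewalld() {
    status=0
    bad_ports=$(unapproved_entries "$APPROVED_PORTS" "$1") || status=1
    bad_services=$(unapproved_entries "$APPROVED_SERVICES" "$2") || status=1
    if [ -n "$bad_ports" ]; then
        printf 'Unapproved port(s):\n%s\n' "$bad_ports"
    fi
    if [ -n "$bad_services" ]; then
        printf 'Unapproved service(s):\n%s\n' "$bad_services"
    fi
    return $status
}
# Live check; skipped on hosts without firewalld so the script runs offline.
if command -v firewall-cmd >/dev/null 2>&1; then
    if audit_firewalld "$(firewall-cmd --permanent --list-ports)" \
                       "$(firewall-cmd --permanent --list-services)"; then
        echo "Permanent firewalld configuration matches the approved list."
    fi
fi
```

The audit reads the permanent configuration, so it reflects what survives a reboot; changes made with --permanent only reach the running firewall after firewall-cmd --reload.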
Rationale
In order to prevent unauthorized connection of devices, unauthorized transfer of information,
or unauthorized tunneling (i.e., embedding of data types within data types), organizations must
disable or restrict unused or unnecessary physical and logical ports/protocols on information
systems.
Operating systems are capable of providing a wide variety of functions and services.
Some of the functions and services provided by default may not be necessary to support
essential organizational operations.
Additionally, it is sometimes convenient to provide multiple services from a single component
(e.g., VPN and IPS); however, doing so increases risk over limiting the services provided by
one component.
To support the requirements and principles of least functionality, the operating system must
support the organizational requirements, providing only essential capabilities and limiting the
use of ports, protocols, and/or services to only those required, authorized, and approved to
conduct official business.
- ID: xccdf_org.ssgproject.content_rule_configure_firewalld_ports
- Severity: Medium