Configure firewall to Allow Access to the Web Server
An XCCDF Rule
Description
By default, iptables blocks access to the ports used by the web server.
To configure iptables to allow port 80 traffic, one must edit /etc/sysconfig/iptables and /etc/sysconfig/ip6tables (if IPv6 is in use).
Add the following line, ensuring that it appears before the final LOG and DROP lines for the INPUT chain:
-A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
To configure iptables to allow port 443 traffic, one must edit /etc/sysconfig/iptables and /etc/sysconfig/ip6tables (if IPv6 is in use).
Add the following line, ensuring that it appears before the final LOG and DROP lines for the INPUT chain:
-A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
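The ordering requirement above can be checked mechanically. The following is an added example, not part of the rule's own content: the function names and the sample rules files are constructed for illustration, and treating a catch-all REJECT line like LOG and DROP is an assumption.

```shell
#!/bin/sh
# rule_status FILE PORT
#   0: the ACCEPT rule for PORT precedes the catch-all LOG/DROP lines
#   1: no ACCEPT rule for PORT in the INPUT chain
#   2: the rule exists but follows a catch-all line, so it never matches
rule_status() {
    awk -v port="$2" '
        !/^-A INPUT / { next }                # comments, tables, other chains
        { n++ }
        # Catch-all line: "-A INPUT -j LOG|DROP" with no match options.
        # REJECT is included as an assumption; the page names LOG and DROP.
        $3 == "-j" && $4 ~ /^(LOG|DROP|REJECT)$/ && !term { term = n }
        $0 ~ ("-p tcp .*--dport " port " .*-j ACCEPT") && !hit { hit = n }
        END {
            if (!hit) exit 1
            if (term && hit > term) exit 2
        }' "$1"
}

# check_web_ports FILE: report on ports 80 and 443, return 0 only if both pass.
check_web_ports() {
    rc=0
    for port in 80 443; do
        rule_status "$1" "$port" && st=0 || st=$?
        case $st in
            0) echo "$1: port $port allowed" ;;
            1) echo "$1: port $port rule missing"; rc=1 ;;
            2) echo "$1: port $port rule is after the LOG/DROP lines"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample rules files (not taken from a real host).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
    '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
    '-A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT' \
    '-A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT' \
    '-A INPUT -j LOG' '-A INPUT -j DROP' 'COMMIT' > "$tmp/good"
printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
    '-A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT' \
    '-A INPUT -j LOG' '-A INPUT -j DROP' \
    '-A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT' 'COMMIT' > "$tmp/misordered"

check_web_ports "$tmp/good" || true
check_web_ports "$tmp/misordered" || true
```

On a real host, pass /etc/sysconfig/iptables and, if IPv6 is in use, /etc/sysconfig/ip6tables to check_web_ports in place of the sample files.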
Rationale
Failure to comply with DoD ports, protocols, and services (PPS) requirements can result in compromise of enclave boundary protections and/or functionality of the AIS.
- ID: xccdf_org.ssgproject.content_rule_httpd_configure_firewall
- Severity: Low
- References
- Updated