Ensure ufw Default Deny Firewall Policy
An XCCDF Rule
Description
A default deny policy on connections ensures that any unconfigured network usage will be rejected. Note: Any port or protocol without an explicit allow before the default deny will be blocked.
Warning
Changing firewall settings while connected over the network can
result in being locked out of the system.
Rationale
With a default accept policy the firewall will accept any packet that is not configured to be denied. It is easier to allow acceptable usage than to block unacceptable usage.
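An added example, not part of the rule's own content or check: a shell function that audits the `Default:` line printed by `ufw status verbose`. It assumes that deny, reject, or disabled counts as compliant for each direction; the function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the ufw default policy from `ufw status verbose` text.
# The text is read on stdin so the check can be exercised offline.
# On a live host: ufw status verbose | check_ufw_defaults
# Assumption: deny, reject, or disabled is compliant for each direction.

check_ufw_defaults() {
    text=$(cat)
    # An inactive firewall enforces nothing, whatever defaults are configured.
    printf '%s\n' "$text" | grep -q '^Status: active' || {
        echo "FAIL: ufw is not active"; return 1; }
    line=$(printf '%s\n' "$text" | grep '^Default:') || {
        echo "FAIL: no Default: line found"; return 1; }
    rc=0
    for dir in incoming outgoing routed; do
        # Pull out the word in front of "(<dir>)", e.g. "deny (incoming)".
        policy=$(printf '%s\n' "$line" |
            sed -n "s/.*[ :]\([a-z][a-z]*\) ($dir).*/\1/p")
        case "$policy" in
            deny|reject|disabled) ;;
            *) echo "FAIL: $dir policy is '${policy:-missing}'"; rc=1 ;;
        esac
    done
    [ "$rc" -eq 0 ] && echo "PASS: default deny in all directions"
    return "$rc"
}

# Constructed sample: default deny in every direction, SSH explicitly allowed
# first so a remote session survives the policy change.
sample_compliant() {
    printf '%s\n' 'Status: active' 'Logging: on (low)' \
        'Default: deny (incoming), deny (outgoing), disabled (routed)' \
        'New profiles: skip' '' 'To         Action      From' \
        '22/tcp     ALLOW IN    Anywhere'
}

# Constructed sample: outgoing traffic is still accepted by default.
sample_weak() {
    printf '%s\n' 'Status: active' 'Logging: on (low)' \
        'Default: deny (incoming), allow (outgoing), disabled (routed)' \
        'New profiles: skip'
}
```

The function returns non-zero and names each direction whose default is not deny, reject, or disabled, so it can gate a configuration pipeline.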
- ID: xccdf_org.ssgproject.content_rule_set_ufw_default_rule
- Severity: Medium
- References
- Updated