Configure Firewalls to Protect the FTP Server
An XCCDF Rule
Description
By default, iptables blocks access to the ports used by the web server. To configure iptables to allow port 21 traffic, one must edit /etc/sysconfig/iptables and /etc/sysconfig/ip6tables (if IPv6 is in use).
Add the following line, ensuring that it appears before the final LOG and DROP lines for the INPUT chain:
-A INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT
Edit the file /etc/sysconfig/iptables-config. Ensure that the space-separated list of modules contains the FTP connection tracking module:
IPTABLES_MODULES="ip_conntrack_ftp"
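The following check is an added example, not part of the XCCDF rule or the project's own content. It verifies both settings described above, including that the port 21 rule sits before the final LOG and DROP lines. The function names and sample files are constructed for illustration, and treating an unconditional REJECT as a final line is an assumption.

```shell
# Added example: audit the files this rule edits. Paths are passed as
# arguments so the checks can be run against copies of the files.
# Succeeds if FILE has an INPUT rule accepting NEW tcp/21 connections ahead of
# the first unconditional LOG/DROP rule (REJECT is included as an assumption).
ftp_rule_ok() {
    awk '
        $1 != "-A" || $2 != "INPUT" { next }                 # other chains, comments
        $3 == "-j" && $4 ~ /^(LOG|DROP|REJECT)$/ { exit }    # final lines reached
        / -p tcp / && / --dport 21( |$)/ && / --state [A-Z,]*NEW/ && / -j ACCEPT( |$)/ {
            found = 1; exit
        }
        END { exit !found }
    ' "$1"
}

# Succeeds if the last IPTABLES_MODULES assignment in FILE lists ip_conntrack_ftp.
ftp_module_ok() {
    mods=$(sed -n 's/^[[:space:]]*IPTABLES_MODULES=//p' "$1" | tail -n 1 | tr -d "\"'")
    for mod in $mods; do
        [ "$mod" = "ip_conntrack_ftp" ] && return 0
    done
    return 1
}

# Constructed sample files: a compliant ruleset, one with the rule placed after
# the final DROP, and an iptables-config fragment.
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
cat > "$SAMPLES/good" <<'EOF'
*filter
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT
-A INPUT -j LOG
-A INPUT -j DROP
COMMIT
EOF
cat > "$SAMPLES/late" <<'EOF'
*filter
-A INPUT -j LOG
-A INPUT -j DROP
-A INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT
COMMIT
EOF
printf 'IPTABLES_MODULES="ip_conntrack_netbios_ns ip_conntrack_ftp"\n' > "$SAMPLES/config"
for f in good late; do
    if ftp_rule_ok "$SAMPLES/$f"; then echo "$f: rule ok"; else echo "$f: rule missing or too late"; fi
done
ftp_module_ok "$SAMPLES/config" && echo "config: ip_conntrack_ftp listed"
```

On a live system the same functions can be pointed at /etc/sysconfig/iptables, /etc/sysconfig/ip6tables and /etc/sysconfig/iptables-config.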
Rationale
These settings configure the firewall to allow connections to an FTP server.
- ID: xccdf_org.ssgproject.content_rule_ftp_configure_firewall
- Severity: Unknown
- Updated