Strengthen the Default Ruleset
An XCCDF Group
Description
The default rules can be strengthened. The system scripts that activate the firewall rules expect them to be defined in configuration files under the /etc/firewalld/services and /etc/firewalld/zones directories.
The following recommendations describe how to strengthen the default ruleset configuration file. An alternative to editing this configuration file is to create a shell script that makes calls to the firewall-cmd program to load in rules under the /etc/firewalld/services and /etc/firewalld/zones directories.
Instructions apply to both unless otherwise noted. Language and address conventions for regular firewalld rules are used throughout this section.
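The shell-script alternative described above can start from an audit of what the zone files already allow. This is an added example, not part of the original guide: it lists services in a zone file that are missing from an approved list and prints the firewall-cmd calls that would remove them. ALLOWED_SERVICES, the function names and the sample zone are assumptions made for the example.

```shell
#!/bin/sh
# Added example: compare the services enabled in a firewalld zone file with an
# approved list and print the firewall-cmd calls that would remove the extras.
# ALLOWED_SERVICES and the sample zone are assumptions made for this example.
ALLOWED_SERVICES="${ALLOWED_SERVICES:-ssh}"

# Service names enabled in a zone XML file, one per line
# (assumes one <service .../> element per line, as firewalld writes them).
zone_services() {
    sed -n 's/.*<service[[:space:]]\{1,\}name="\([^"]*\)".*/\1/p' "$1"
}

# Services present in the zone file but absent from ALLOWED_SERVICES.
unexpected_services() {
    for svc in $(zone_services "$1"); do
        case " $ALLOWED_SERVICES " in
            *" $svc "*) ;;
            *) printf '%s\n' "$svc" ;;
        esac
    done
}

# Print, without running them, the calls that would drop the extras.
# The zone name is the file name without .xml; apply with firewall-cmd --reload.
removal_commands() {
    zone=$(basename "$1" .xml)
    for svc in $(unexpected_services "$1"); do
        printf 'firewall-cmd --permanent --zone=%s --remove-service=%s\n' "$zone" "$svc"
    done
}

# Constructed sample zone file, for trying the functions offline.
write_sample_zone() {
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <service name="cockpit"/>
</zone>
EOF
}

# Review every zone file present on this host.
for f in /etc/firewalld/zones/*.xml; do
    if [ -f "$f" ]; then removal_commands "$f"; fi
done
```

The script only prints the removal commands, so the output can be reviewed before any rule is changed.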
Warning: The program firewall-config allows additional services to penetrate the default firewall rules and automatically adjusts the firewalld ruleset(s).
- ID
- xccdf_org.ssgproject.content_group_ruleset_modifications
- Child Items
- Updated