Strengthen the Default Ruleset
An XCCDF Group
Description
The default rules can be strengthened. The system scripts that activate the firewall rules expect them to be defined in configuration files under the /etc/firewalld/services and /etc/firewalld/zones directories.
The following recommendations describe how to strengthen the default ruleset configuration file. An alternative to editing this configuration file is to create a shell script that makes calls to the firewall-cmd program to load in rules under the /etc/firewalld/services and /etc/firewalld/zones directories. Instructions apply to both unless otherwise noted. Language and address conventions for regular firewalld rules are used throughout this section.
Warning
The program firewall-config allows additional services to penetrate the default firewall rules and automatically adjusts the firewalld ruleset(s).
- ID
- xccdf_org.ssgproject.content_group_ruleset_modifications
- Child Items
- Updated