Ensure firewall rules exist for all open ports

Details

Any ports that have been opened on non-loopback addresses need firewall rules to govern traffic.

Solution

For each port identified in the audit which does not have a firewall rule establish a proper rule for accepting inbound connections:
# iptables -A INPUT -p –dport -m state –state NEW -j ACCEPT

Supportive Information

The following resource is also helpful.

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623.html

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Unix.

References

800-53|SC-7(12)
CSCv6|9.1
CSCv6|9.2

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles