a676e37a84
* Docs are now ordered by STIG ID number to make them easier to browse. * Deployer notes are better organized. * Script + CSV added for automated documentation generation. Implements: blueprint security-hardening Change-Id: Ib87bec701eddf1601574f4e027f301c775e5e1cd
741 B
741 B
V-38444: The systems local IPv6 firewall must implement a deny-all, allow-by-exception policy for inbound packets.
In "ip6tables" the default policy is applied only after all the applicable rules in the table are examined for a match. Setting the default policy to "DROP" implements proper design for a firewall, i.e., any packets which are not explicitly permitted should not be accepted.
Details: V-38444 in STIG Viewer.