a676e37a84
* Docs are now ordered by STIG ID number to make them easier to browse. * Deployer notes are better organized. * Script + CSV added for automated documentation generation. Implements: blueprint security-hardening Change-Id: Ib87bec701eddf1601574f4e027f301c775e5e1cd
17 lines
740 B
ReStructuredText
V-38513: The systems local IPv4 firewall must implement a deny-all, allow-by-exception policy for inbound packets.
------------------------------------------------------------------------------------------------------------------

In "iptables" the default policy is applied only after all the applicable
rules in the table are examined for a match. Setting the default policy to
"DROP" implements proper design for a firewall, i.e., any packets which are
not explicitly permitted should not be accepted.
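
One way to verify the policy described above, as an added example that is not part of the original document or the project's own tooling: a POSIX shell check over ``iptables-save`` output. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit iptables-save output for V-38513 (constructed input).

# Print the default policy of the INPUT chain in the filter table only;
# other tables (e.g. nat) can carry their own ":INPUT" line.
input_policy() {
    awk '/^\*/ { table = substr($1, 2) }
         table == "filter" && $1 == ":INPUT" { print $2; exit }'
}

# Print filter-table INPUT rules that accept every packet. Such a rule always
# matches, so the default policy would never be reached.
catch_all_accepts() {
    awk '/^\*/ { table = substr($1, 2) }
         table == "filter" && /^-A INPUT -j ACCEPT[ \t]*$/ { print }'
}

# Read a ruleset on stdin; return 0 only for deny-all, allow-by-exception.
check_v38513() {
    rules=$(cat)
    policy=$(printf '%s\n' "$rules" | input_policy)
    if [ "$policy" != "DROP" ]; then
        echo "FAIL: filter INPUT policy is '${policy:-unset}', expected DROP"
        return 1
    fi
    if [ -n "$(printf '%s\n' "$rules" | catch_all_accepts)" ]; then
        echo "FAIL: unconditional ACCEPT rule in INPUT shadows the DROP policy"
        return 1
    fi
    echo "PASS: filter INPUT policy is DROP"
}

# Constructed sample in iptables-save format (not taken from a real host).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | check_v38513
```

On a live host the same check can be fed with ``iptables-save | check_v38513`` run as root.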

Details: `V-38513 in STIG Viewer`_.

.. _V-38513 in STIG Viewer: https://www.stigviewer.com/stig/red_hat_enterprise_linux_6/2015-05-26/finding/V-38513

Notes for deployers
~~~~~~~~~~~~~~~~~~~

.. include:: developer-notes/V-38513.rst