
Configure the "firewalld" to organizational standards.


CONTROL ID
15321
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Configure network protection settings to organizational standards., CC ID: 07601

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Ensure firewalld is either not installed or masked with iptables Description: firewalld (Dynamic Firewall Manager) provides a dynamically managed firewall with support for network/ firewall “zones” to assign a level of trust to a network and its associated connections, interfaces or source… (3.5.3.1.3, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 1)
  • Ensure firewalld default zone is set Description: A firewall zone defines the trust level for a connection, interface or source address binding. This is a one to many relation, which means that a connection, interface or source can only be part of one zone, but a zone can be used for many network co… (3.5.1.5, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 1)
  • Ensure firewalld is installed Description: firewalld is a firewall management tool for Linux operating systems. It provides firewall features by acting as a front-end for the Linux kernel's netfilter framework via the iptables backend or provides firewall features by acting as a front-end for the Li… (3.5.1.1, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 1)
  • Ensure firewalld is either not installed or masked with nftables Description: firewalld (Dynamic Firewall Manager) provides a dynamically managed firewall with support for network/ firewall “zones” to assign a level of trust to a network and its associated connections, interfaces or source… (3.5.2.2, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 1)
  • Ensure firewalld drops unnecessary services and ports Description: Services and ports can be accepted or explicitly rejected or dropped by a zone. For every zone, you can set a default behavior that handles incoming traffic that is not further specified. Such behavior is defined by setting the targe… (3.5.1.7, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 1)
  • Ensure firewalld service enabled and running Description: `firewalld.service` enables the enforcement of firewall rules configured through `firewalld` Rationale: Ensure that the `firewalld.service` is enabled and running to enforce firewall rules configured through `firewalld` Remediation Procedure:… (3.5.1.4, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 1)
  • Ensure firewalld service enabled and running Description: `firewalld.service` enables the enforcement of firewall rules configured through `firewalld` Rationale: Ensure that the `firewalld.service` is enabled and running to enforce firewall rules configured through `firewalld` Remediation Procedure:… (3.5.1.4, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 2)
  • Ensure firewalld is either not installed or masked with iptables Description: firewalld (Dynamic Firewall Manager) provides a dynamically managed firewall with support for network/ firewall “zones” to assign a level of trust to a network and its associated connections, interfaces or source… (3.5.3.1.3, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 2)
  • Ensure firewalld default zone is set Description: A firewall zone defines the trust level for a connection, interface or source address binding. This is a one to many relation, which means that a connection, interface or source can only be part of one zone, but a zone can be used for many network co… (3.5.1.5, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 2)
  • Ensure firewalld drops unnecessary services and ports Description: Services and ports can be accepted or explicitly rejected or dropped by a zone. For every zone, you can set a default behavior that handles incoming traffic that is not further specified. Such behavior is defined by setting the targe… (3.5.1.7, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 2)
  • Ensure firewalld is either not installed or masked with nftables Description: firewalld (Dynamic Firewall Manager) provides a dynamically managed firewall with support for network/ firewall “zones” to assign a level of trust to a network and its associated connections, interfaces or source… (3.5.2.2, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 2)
  • Ensure firewalld is installed Description: firewalld is a firewall management tool for Linux operating systems. It provides firewall features by acting as a front-end for the Linux kernel's netfilter framework via the iptables backend or provides firewall features by acting as a front-end for the Li… (3.5.1.1, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 2)
  • Ensure firewalld default zone is set Description: A firewall zone defines the trust level for a connection, interface or source address binding. This is a one to many relation, which means that a connection, interface or source can only be part of one zone, but a zone can be used for many network co… (3.4.2.4, CIS Oracle Linux 8 Benchmark, Server Level 1, v1.0.1)
  • Ensure firewalld drops unnecessary services and ports Description: Services and ports can be accepted or explicitly rejected or dropped by a zone. For every zone, you can set a default behavior that handles incoming traffic that is not further specified. Such behavior is defined by setting the targe… (3.4.2.6, CIS Oracle Linux 8 Benchmark, Server Level 1, v1.0.1)
  • Ensure firewalld service is enabled and running Description: Ensure that the firewalld service is enabled to protect your system Rationale: firewalld (Dynamic Firewall Manager) tool provides a dynamically managed firewall. The tool enables network/ firewall zones to define the trust level of network… (3.4.2.1, CIS Oracle Linux 8 Benchmark, Server Level 1, v1.0.1)
  • Ensure firewalld default zone is set Description: A firewall zone defines the trust level for a connection, interface or source address binding. This is a one to many relation, which means that a connection, interface or source can only be part of one zone, but a zone can be used for many network co… (3.4.2.4, CIS Oracle Linux 8 Benchmark, Server Level 2, v1.0.1)
  • Ensure firewalld drops unnecessary services and ports Description: Services and ports can be accepted or explicitly rejected or dropped by a zone. For every zone, you can set a default behavior that handles incoming traffic that is not further specified. Such behavior is defined by setting the targe… (3.4.2.6, CIS Oracle Linux 8 Benchmark, Server Level 2, v1.0.1)
  • Ensure firewalld service is enabled and running Description: Ensure that the firewalld service is enabled to protect your system Rationale: firewalld (Dynamic Firewall Manager) tool provides a dynamically managed firewall. The tool enables network/ firewall zones to define the trust level of network… (3.4.2.1, CIS Oracle Linux 8 Benchmark, Server Level 2, v1.0.1)