CCI-001109 requires the default firewall policy to deny all traffic explicitly permitted. The default_iptables_policies rule meets this requirement.
Signed-off-by: Willy Santos <[email protected]> --- rhel6/src/input/system/network/iptables.xml | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/rhel6/src/input/system/network/iptables.xml b/rhel6/src/input/system/network/iptables.xml index 58ab1e6..a0c836c 100644 --- a/rhel6/src/input/system/network/iptables.xml +++ b/rhel6/src/input/system/network/iptables.xml @@ -147,7 +147,7 @@ the INPUT built-in chain.</description> are examined for a match. Connection attempts that are not explicitly authorized should be denied by default.</rationale> <ident cce="14264-6" /> <oval id="iptables_default_policy_drop" /> -<ref nist="AC-4, CM-6" /> +<ref nist="AC-4, CM-6" disa="1109" /> </Rule> </Group><!--<Group id="default_iptables_policies">--> -- 1.7.7.6 _______________________________________________ scap-security-guide mailing list [email protected] https://fedorahosted.org/mailman/listinfo/scap-security-guide
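Review bot: the commit message names `default_iptables_policies` as the rule, but in the hunk that identifier is the Group id (see the closing `</Group><!--<Group id="default_iptables_policies">-->` comment), while `disa="1109"` is added to the `<ref>` of a single Rule whose OVAL check is `iptables_default_policy_drop` and whose description context ends with "the INPUT built-in chain". Name that Rule in the commit message, and confirm whether any other rule in the group should carry the same reference, since none is visible in this hunk. The message's "deny all traffic explicitly permitted" also reads inverted against the rationale in the context lines ("Connection attempts that are not explicitly authorized should be denied by default"), so it should say "not explicitly permitted".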
