CCI-001117 requires checking incoming communications for authorized source and destination. This can be accomplished by using iptables.
Signed-off-by: Willy Santos <[email protected]> --- rhel6/src/input/system/network/iptables.xml | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rhel6/src/input/system/network/iptables.xml b/rhel6/src/input/system/network/iptables.xml index b3f798b..ffa18e8 100644 --- a/rhel6/src/input/system/network/iptables.xml +++ b/rhel6/src/input/system/network/iptables.xml @@ -79,7 +79,7 @@ capability for IPv6 and ICMPv6. </rationale> <ident cce="4167-3" /> <oval id="service_ip6tables_enabled" /> -<ref nist="CM-6, CM-7" disa="1115,1118,1092"/> +<ref nist="CM-6, CM-7" disa="1115,1118,1092,1117"/> </Rule> <Rule id="enable_iptables"> @@ -95,7 +95,7 @@ capability for IPv4 and ICMP. </rationale> <ident cce="4189-7" /> <oval id="service_iptables_enabled" /> -<ref nist="CM-6, CM-7" disa="1115,1118,1092,27" /> +<ref nist="CM-6, CM-7" disa="1115,1118,1092,27,1117" /> </Rule> </Group><!--<Group id="iptables_activation">--> -- 1.7.7.6 _______________________________________________ scap-security-guide mailing list [email protected] https://fedorahosted.org/mailman/listinfo/scap-security-guide
