4.1.5 Ensure ufw outbound connections are configured

Information

Configure the firewall rules for new outbound connections.

Note:

- Changing firewall settings while connected over network can result in being locked out of the system.
- Unlike iptables, when a new outbound rule is added, ufw automatically takes care of associated established connections, so no rules for the latter kind are required.

If rules are not in place for new outbound connections all packets will be dropped by the default policy preventing network usage.

Solution

Configure ufw in accordance with site policy. The following commands will implement a policy to allow all outbound connections on all interfaces:

# ufw allow out on all

See Also

https://workbench.cisecurity.org/benchmarks/17045

Item Details

Category: SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CA-9, 800-53|SC-7, 800-53|SC-7(5), CSCv7|9.4

Plugin: Unix

Control ID: 21c1345118d75727381713e7b20708a85c4764652a23aa7dac2d7ee035a9eb69