3.3.1.4 Ensure IPv6 firewall rules exist for all open ports

Information

Any ports that have been opened on non-loopback addresses need firewall rules to govern traffic.

Without a firewall rule configured for open ports, the default firewall policy will drop all packets to these ports.

Solution

For each port identified in the audit that does not have a firewall rule, establish a proper rule for accepting inbound connections:

# ip6tables -A INPUT -p <protocol> --dport <port> -m state --state NEW -j ACCEPT
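As an added example that is not part of the benchmark text, the following shell script performs the comparison the Solution relies on: it parses IPv6 listening sockets and the ACCEPT rules of the INPUT chain, reports non-loopback ports that have no rule, and prints the remediation command above for each gap. It assumes the output formats of ss -6 -tuln and ip6tables -L INPUT -v -n; constructed sample output is embedded so the script runs offline.

```shell
#!/bin/sh
# Added example, not part of the CIS benchmark: list IPv6 listeners on non-loopback
# addresses that lack an ACCEPT rule in the ip6tables INPUT chain. Assumes the text
# formats of `ss -6 -tuln` and `ip6tables -L INPUT -v -n`; samples are constructed.

# Constructed `ss -6 -tuln` output: tcp/22 and udp/123 on any address, tcp/25 loopback only.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    [::]:22            [::]:*
tcp   LISTEN 0      128    [::1]:25           [::]:*
udp   UNCONN 0      0      [::]:123           [::]:*'

# Constructed `ip6tables -L INPUT -v -n` output with a DROP policy; only tcp/22 is allowed.
SAMPLE_IP6T='Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in  out source  destination
    0     0 ACCEPT all  --  lo  *   ::/0    ::/0
    0     0 ACCEPT tcp  --  *   *   ::/0    ::/0  state NEW tcp dpt:22'

# open_ports SS_TEXT: print "proto port" for each socket not bound to ::1.
open_ports() {
  printf '%s\n' "$1" | awk 'NR > 1 {
    addr = $5; sub(/:[0-9]+$/, "", addr)        # drop the :port suffix
    if (addr ~ /^\[?::1\]?$/) next               # loopback-only listener: no rule needed
    port = $5; sub(/.*:/, "", port)
    print $1, port }'
}

# ruled_ports IP6T_TEXT: print "proto port" for each ACCEPT rule with a --dport match.
# Newer iptables prints protocol numbers with -n, so 6 and 17 are mapped back to names.
ruled_ports() {
  printf '%s\n' "$1" | awk '$3 == "ACCEPT" {
    proto = $4; if (proto == "6") proto = "tcp"; if (proto == "17") proto = "udp"
    for (i = 1; i <= NF; i++) if ($i ~ /^dpt:/) { p = $i; sub(/^dpt:/, "", p); print proto, p } }'
}

# missing_rules SS_TEXT IP6T_TEXT: open ports with no matching ACCEPT rule (audit findings).
missing_rules() {
  ruled=$(ruled_ports "$2")
  open_ports "$1" | while read -r proto port; do
    printf '%s\n' "$ruled" | grep -qxF "$proto $port" || printf '%s %s\n' "$proto" "$port"
  done
}

# suggest_rules SS_TEXT IP6T_TEXT: the benchmark's remediation command for each finding.
suggest_rules() {
  missing_rules "$1" "$2" | while read -r proto port; do
    printf 'ip6tables -A INPUT -p %s --dport %s -m state --state NEW -j ACCEPT\n' "$proto" "$port"
  done
}
suggest_rules "$SAMPLE_SS" "$SAMPLE_IP6T"
```

On a live host, substitute the captured output of the two commands for the sample variables; the printed commands are only suggestions and should be reviewed before they are applied.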

See Also

https://workbench.cisecurity.org/benchmarks/12218

Item Details

Category: SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CA-9, 800-53|CM-7, 800-53|CP-6, 800-53|CP-7, 800-53|PL-8, 800-53|PM-7, 800-53|SA-8, 800-53|SC-7, 800-53|SC-7(5), CSCv7|9.4

Plugin: Unix

Control ID: ac66f92ac5263cac9e3eb8178ced3769262be19df383e823e800a347b352f6a3