3.4.2.4 Ensure outbound connections are configured

Information

Configure the firewall rules for new outbound connections.

Rationale:

If rules are not in place for new outbound connections, all packets will be dropped by the default policy, preventing network usage.

Solution

Configure ufw in accordance with site policy. The following command implements a policy to allow all outbound connections on all interfaces:

# ufw allow out on all

Additional Information:

Changing firewall settings while connected over the network can result in being locked out of the system. Unlike iptables, when a new outbound rule is added, ufw automatically handles the associated established connections, so no separate rules for established traffic are required.
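One way to check the result before and after applying the rule, as an added example that is not part of the benchmark text: the function below classifies outbound handling from `ufw status verbose` output. The function name and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify outbound handling from `ufw status verbose` text.
# Reads the status text on stdin and prints one of:
#   inactive | default-allow | rule-allow | blocked
# Note: any ALLOW OUT rule counts as rule-allow, including a narrow one,
# so review the rule list against site policy as well.
ufw_outbound_state() {
    awk '
        /^Status:/ { active = ($2 == "active") }
        # e.g. "Default: deny (incoming), deny (outgoing), disabled (routed)"
        /^Default:/ {
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++)
                if (parts[i] ~ /\(outgoing\)/ && parts[i] ~ /allow/)
                    default_allow = 1
        }
        # Rule rows carry the action in the middle column, e.g. "ALLOW OUT"
        /ALLOW OUT/ { rule_allow = 1 }
        END {
            if (!active)            print "inactive"
            else if (default_allow) print "default-allow"
            else if (rule_allow)    print "rule-allow"
            else                    print "blocked"
        }'
}

# Constructed sample: default-deny outbound policy, no outbound rule yet.
SAMPLE_BLOCKED='Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), disabled (routed)
New profiles: skip'

# Constructed sample: the same policy after `ufw allow out on all`.
SAMPLE_ALLOWED="$SAMPLE_BLOCKED

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW OUT   Anywhere on all"

printf '%s\n' "$SAMPLE_BLOCKED" | ufw_outbound_state   # prints: blocked
printf '%s\n' "$SAMPLE_ALLOWED" | ufw_outbound_state   # prints: rule-allow
```

On a live host, run `ufw status verbose | ufw_outbound_state` as root; a result of `blocked` means new outbound connections are dropped by the default policy.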

See Also

https://workbench.cisecurity.org/files/2970

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(12), CSCv7|9.4

Plugin: Unix

Control ID: aebe5018ab831d50ca698034a55da2fc914641ef011ae86cdea7524e67fb475b