GEN008540 - The system's local firewall must implement a deny-all, allow-by-exception policy.

Information

A local firewall protects the system from exposing unnecessary or undocumented network services to the local enclave. If a system within the enclave is compromised, firewall protection on an individual system continues to protect it from attack.

Solution

Edit /etc/ipf/ipf.conf and add a default deny rule.
Restart the ipfilter service.
# svcadm restart network/ipfilter

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_10_SPARC_V2R4_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-17(1), CAT|II, CCI|CCI-002314, Rule-ID|SV-227072r854454_rule, STIG-ID|GEN008540, STIG-Legacy|SV-26976, STIG-Legacy|V-22583, Vuln-ID|V-227072

Plugin: Unix

Control ID: 4b25220b8da4c5585e368054e659d8fedf3f55c9aa2c36905c1c176b8e668583