IPv4 default deny policy is not configured in Linux firewall
Description
Firewall rules cannot enumerate every possible connection, so any packet that matches no explicit rule falls through to the default policy of its chain. Set the IPv4 default policy to deny (DROP) so that unmatched traffic is discarded, and then explicitly allow only the connections that are required.
Severity
important
Category
Linux - Firewall
Resolution
Follow the steps below to resolve the misconfiguration.
Before changing the policy, make sure the ACCEPT rules the host needs are already in place (at minimum: loopback traffic, ESTABLISHED/RELATED connections, and the port used for remote administration such as SSH). The policy change takes effect immediately, and a DROP policy with no such rules will cut off the session you are administering the host from.
Then run the following commands to implement a default DROP policy on the three built-in filter chains:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
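The following script is an added example, not part of the original page or of Vulnerability Manager Plus: it applies the resolution in a lock-out-safe order (allow rules first, then the three DROP policies) and includes a check that parses `iptables -S` output to confirm the default policies. The SSH port (22), the use of the conntrack match, and the decision to allow all new outbound connections are assumptions for illustration; adjust them to the host's actual policy. Run as root on the target host, or with DRY_RUN=1 to print the commands without executing them.

```shell
#!/bin/sh
# Added example (not from the original page): lock-out-safe application of an
# IPv4 default DROP policy, plus a compliance check over `iptables -S` output.
# Assumptions: sshd listens on SSH_PORT (default 22); new outbound traffic is allowed.

# run_ipt: execute iptables, or just print the command when DRY_RUN=1.
run_ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# apply_default_drop: add the ACCEPT rules an administered host needs, then
# switch the policies. Order matters: `iptables -P INPUT DROP` with no
# ESTABLISHED rule drops the reply packets of the SSH session you are typing in.
apply_default_drop() {
    ssh_port="${SSH_PORT:-22}"   # assumption: sshd on port 22
    # loopback must stay open; many local services talk over it
    run_ipt -A INPUT  -i lo -j ACCEPT
    run_ipt -A OUTPUT -o lo -j ACCEPT
    # keep existing and related connections, including the current admin session
    run_ipt -A INPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run_ipt -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # allow new inbound SSH so the host remains administrable
    run_ipt -A INPUT -p tcp --dport "$ssh_port" -m conntrack --ctstate NEW -j ACCEPT
    # allow the host to open outbound connections (assumption; tighten if policy requires)
    run_ipt -A OUTPUT -m conntrack --ctstate NEW -j ACCEPT
    # only now change the defaults, as the resolution prescribes
    run_ipt -P INPUT DROP
    run_ipt -P OUTPUT DROP
    run_ipt -P FORWARD DROP
}

# policies_are_drop: read `iptables -S` style output on stdin and return 0 only
# if INPUT, OUTPUT and FORWARD all carry policy DROP; return 1 otherwise
# (including when one of the three chains is missing from the input).
policies_are_drop() {
    awk '
        $1 == "-P" && ($2 == "INPUT" || $2 == "OUTPUT" || $2 == "FORWARD") {
            if (!($2 in seen)) n++
            seen[$2] = $3
        }
        END {
            if (n != 3) exit 1
            for (c in seen) if (seen[c] != "DROP") exit 1
            exit 0
        }'
}

# Usage: ./default_drop.sh apply   (root, or DRY_RUN=1 to preview)
#        ./default_drop.sh check   (exit 0 if compliant, 1 otherwise)
case "${1:-}" in
    apply) apply_default_drop ;;
    check)
        if iptables -S | policies_are_drop; then
            echo "compliant: INPUT, OUTPUT and FORWARD default to DROP"
        else
            echo "not compliant: at least one built-in chain does not default to DROP"
            exit 1
        fi
        ;;
esac
```

Running `check` after `apply` verifies the change on the live host; the same parser can be pointed at saved `iptables -S` output collected from other machines.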
Potential issues that may arise after applying the resolution
Altering the existing security setting may impact your network operations: once the default policy is DROP, any traffic not explicitly allowed by a rule is silently discarded, including the packets of remote administration sessions such as SSH, so the required ACCEPT rules must exist before the policy is changed.
Does remediation require reboot?
No. The policy change takes effect immediately in the running kernel, but it is not persistent: save the rule set (for example with iptables-save, or the distribution's own persistence mechanism) or the default policies revert at the next boot.
Vulnerability Manager Plus tracks security configurations and remediates misconfigurations in your network systems from a centralized console. View a list of all the security misconfigurations detected by Vulnerability Manager Plus.