![]() ![]() Remediation will only affect the active system firewall, be sure to configure the default policy in your firewall management to apply on boot as well. Solution Run the following commands to implement the loopback rules: # ip6tables -A INPUT -i lo -j ACCEPT # ip6tables -A OUTPUT -o lo -j ACCEPT # ip6tables -A INPUT -s ::1 -j DROP Additional Information: Changing firewall settings while connected over network can result in being locked out of the system. ![]() NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance. An IPv4 or IPv6 address query for the name localhost must always resolve to the respective loopback address, which is specified in a separate standard. The loopback interface is the only place that loopback network (::1) traffic should be seen, all other interfaces should ignore traffic on this network as an anti-spoofing measure. Either IPv4 or IPv6 addresses may be supplied integers less than 232 will be considered to be IPv4 by default. Rationale: Loopback traffic is generated between processes on machine and is typically critical to operation of the system. A loopback interface is a virtual interface that is always up and reachable as long as at least one of the IPv6 interfaces on the switch is operational. Configure all other interfaces to deny traffic to the loopback network (::1). You are welcome to reference a helper anycodings_loopback function I have called anycodings_loopback GetSocketAddressForAdapter.Information Configure the loopback interface to accept traffic. It must not be assigned to a physical or virtual interface. memcpy(
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |