Profile Applicability:
 • Level 1

Description:
 Firewalld uses zones to classify network interfaces based on trust levels, applying specific firewall rules accordingly. Correctly assigning network interfaces to appropriate zones ensures that the firewall enforces the right security policies, reducing exposure and risks.

Rationale:
 Proper assignment of interfaces to zones improves security posture by ensuring that network traffic is filtered according to the required level of trust and protection.

Impact:
 Pros:

  • Enhances network security through tailored firewall policies.

  • Supports segmentation and access control.

 Cons:

  • Manual assignment may require administrative oversight and planning.

  • Incorrect zone assignment can lead to connectivity issues.

Default Value:
 Network interfaces may default to the public zone or others if not explicitly assigned.

Pre-requisites:

  • Root or sudo privileges to manage firewall and network interfaces.

Remediation:

Test Plan:

Using Linux command line:

1. List active firewalld zones and associated interfaces:

firewall-cmd --get-active-zones

2. Verify that each network interface is assigned to the zone intended by organizational policy.

Implementation Plan:

Using Linux command line:

1. Assign the interface to the correct zone:

firewall-cmd --zone=<zone> --change-interface=<interface> --permanent

2. Reload firewalld to apply changes:

firewall-cmd --reload

3. Confirm interface assignment:

firewall-cmd --get-active-zones
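The Test Plan and Implementation Plan above are manual. The following script is an added example, not part of the benchmark text, that turns them into a repeatable check: it parses the output of firewall-cmd --get-active-zones, compares each interface's zone with an expected policy map, and prints (without executing) the firewall-cmd commands that would correct any drift. The interface names, zone names and the sample listing are constructed for the example; on a real host replace SAMPLE_ACTIVE_ZONES with the live command output as shown in the comment.

```shell
#!/bin/sh
# Added example (not part of the benchmark text): audit firewalld
# interface-to-zone bindings against an expected policy and generate the
# remediation commands for any drift. Interface and zone names are hypothetical.

# Expected policy, one "<interface> <zone>" pair per line (assumed values).
EXPECTED_POLICY='eth0 public
eth1 internal
eth2 dmz'

# Constructed sample of `firewall-cmd --get-active-zones` output so the checks
# run without firewalld. On a real host use:
#   ACTIVE_ZONES=$(firewall-cmd --get-active-zones)
SAMPLE_ACTIVE_ZONES='public
  interfaces: eth0 eth2
internal
  interfaces: eth1'

# Flatten the listing (zone name line followed by an indented
# "interfaces:" line) into "<interface> <zone>" lines. Reads stdin.
# Indented "sources:" lines, if present, are ignored.
flatten_active_zones() {
    awk '
        /^[^[:space:]]/ { zone = $1; next }
        /^[[:space:]]+interfaces:/ { for (i = 2; i <= NF; i++) print $i, zone }
    '
}

# Print one line per interface whose actual zone differs from policy.
# $1 = --get-active-zones output, $2 = policy. Prints nothing when compliant.
zone_drift() {
    {
        printf '%s\n' "$2" | sed 's/^/POLICY /'
        printf '%s\n' "$1" | flatten_active_zones | sed 's/^/ACTUAL /'
    } | awk '
        $1 == "POLICY" && NF == 3 { want[$2] = $3; next }
        $1 == "ACTUAL" && NF == 3 { got[$2] = $3; next }
        END {
            for (i in want) {
                if (!(i in got))
                    print "DRIFT " i ": not in any active zone (expected " want[i] ")"
                else if (got[i] != want[i])
                    print "DRIFT " i ": in zone " got[i] ", expected " want[i]
            }
        }
    ' | sort
}

# Test Plan step 2 as a pass/fail check: return 0 when compliant, 1 on drift.
check_zone_policy() {
    drift=$(zone_drift "$1" "$2")
    [ -z "$drift" ] && return 0
    printf '%s\n' "$drift"
    return 1
}

# Implementation Plan steps 1-2 as a dry run: print, do not execute, the
# commands that would move each drifted interface into its policy zone.
remediation_commands() {
    zone_drift "$1" "$2" | awk '
        /^DRIFT / {
            iface = $2; sub(/:$/, "", iface)
            want = $NF; sub(/\)$/, "", want)
            print "firewall-cmd --permanent --zone=" want " --change-interface=" iface
        }
        END { if (NR > 0) print "firewall-cmd --reload" }
    '
}

# Stand-alone run: report drift and show the commands that would fix it.
check_zone_policy "$SAMPLE_ACTIVE_ZONES" "$EXPECTED_POLICY" \
    || remediation_commands "$SAMPLE_ACTIVE_ZONES" "$EXPECTED_POLICY"
```

The remediation output is deliberately a dry run so the change can be reviewed before it is applied, which matters because a wrong zone assignment can cut off connectivity (see Cons above). After applying the printed commands, re-run the check to confirm the binding; firewall-cmd --get-zone-of-interface=<interface> is a quicker single-interface confirmation than re-reading the whole active-zones listing.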

Backout Plan:

Using Linux command line:

1. Revert interface assignment if necessary:

firewall-cmd --zone=<previous-zone> --change-interface=<interface> --permanent

2. Reload firewalld and confirm the change.

References: