Profile Applicability:
 • Level 1

Description:
 Ensuring that iptables firewall rules explicitly exist for all open ports guarantees that network traffic is properly controlled and only authorized services are accessible. This reduces the attack surface by preventing unauthorized access.

Rationale:
 Explicit firewall rules for open ports enforce security policies and prevent unintended exposure of services to the network.

Impact:
 Pros:

  • Improves system security by tightly controlling network access.

  • Supports compliance with security and auditing requirements.

Cons:

  • Requires ongoing management as open ports change.

Default Value:
 Systems may have open ports without corresponding explicit iptables rules.

Pre-requisites:

  • Root or sudo privileges to inspect and manage firewall rules.

Remediation:

Test Plan:

Using Linux command line:

1. Identify open ports and listening services:

ss -tuln

2. List current iptables rules filtering incoming traffic:

iptables -L INPUT -v -n

3. Cross-check open ports against iptables rules to ensure each open port has an associated allow rule.

Implementation Plan:

Using Linux command line:

1. For any open port missing an iptables allow rule, add the appropriate rule, for example (for TCP port 80):

iptables -A INPUT -p tcp --dport 80 -j ACCEPT

2. Save iptables rules to persist after reboot:

service iptables save  # or equivalent command

3. Verify the rules are applied:

iptables -L INPUT -v -n

Backout Plan:

Using Linux command line:

1. Remove any added rules if necessary:

iptables -D INPUT -p tcp --dport 80 -j ACCEPT

2. Save changes and verify rule removal.

References: