{"description": "Configure the loopback interface to accept traffic.\nConfigure all other interfaces to deny traffic to the loopback\nnetwork.", "rationale": "Loopback traffic is generated between processes on the machine and is\ntypically critical to the operation of the system. The loopback interface\nis the only place that loopback network traffic should be seen; all\nother interfaces should ignore traffic on this network as an\nanti-spoofing measure.", "severity": "medium", "references": {"pcidss": ["Req-1.3"], "cis": ["4.3.2.2"], "pcidss4": ["1.4.1", "1.4"]}, "control_references": {"cis": ["4.3.2.2"], "pcidss4": ["1.4.1", "1.4"]}, "components": [], "identifiers": {}, "ocil_clause": "loopback traffic is not configured", "ocil": "Run the following commands and verify that each returns a matching rule:\n<pre>\n# iptables -L INPUT -v -n | grep lo | grep ACCEPT\n</pre>\n<pre>\n# iptables -L INPUT -v -n | grep 127.0.0.0\\/8 | grep DROP\n</pre>\n<pre>\n# iptables -L OUTPUT -v -n | grep lo | grep ACCEPT\n</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [{"general": "Changing firewall settings while connected over the network can\nresult in being locked out of the system."}], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "not package[nftables] and not package[ufw] and package[iptables]", "platforms": ["not package[nftables] and not package[ufw] and package[iptables]"], "sce_metadata": {"platform": ["multi_platform_sle", "multi_platform_ubuntu"], "check-import": "stdout", "environment": "any", "filename": "set_loopback_traffic.sh", "relative_path": "ubuntu2204/checks/sce/set_loopback_traffic.sh"}, "inherited_platforms": [], "cpe_platform_names": ["not_package_nftables_and_not_package_ufw_and_package_iptables"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Set configuration for loopback traffic", "definition_location": 
"/aptdata/openscap/scap-security-guide/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/rule.yml", "template": null}