{"description": "If the SSH server is expected to only receive connections from\nthe local network, then strengthen the default firewall rule for the SSH service\nto only accept connections from the appropriate network segment(s).\n<br /><br />\nDetermine an appropriate network block, <tt>netwk</tt>, network mask, <tt>mask</tt>, and\nnetwork protocol, <tt>ip_protocol</tt>, representing the systems on your network which will\nbe allowed to access this SSH server.\n<br /><br />\nRun the following command:\n<pre>firewall-cmd --permanent --add-rich-rule='rule family=\"ip_protocol\" source address=\"netwk/mask\" service name=\"ssh\" accept'</pre>", "warnings": [], "requires": [], "conflicts": [], "values": {}, "groups": {}, "rules": {}, "platform": "", "platforms": [], "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "title": "Strengthen Firewall Configuration if Possible", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/ssh/ssh_server/sshd_strengthen_firewall/group.yml"}