{"description": "Most systems must be connected to a network of some\nsort, and this brings with it the substantial risk of network\nattack. This section discusses the security impact of decisions\nabout networking which must be made when configuring a system.\n<br /><br />\nThis section also discusses firewalls, network access\ncontrols, and other network security frameworks, which allow\nsystem-level rules to be written that can limit an attackers' ability\nto connect to your system. These rules can specify that network\ntraffic should be allowed or denied from certain IP addresses,\nhosts, and networks. The rules can also specify which of the\nsystem's network services are available to particular hosts or\nnetworks.", "warnings": [], "requires": [], "conflicts": [], "values": ["var_network_filtering_service"], "groups": ["network-firewalld", "network-ipsec", "network-iptables", "network-ipv6", "network-kernel", "network-nftables", "network-susefirewall2", "network-ufw", "network-uncommon", "network-wireless", "network_disable_unused_interfaces", "network_ssl", "networkmanager"], "rules": ["firewall_single_service_active", "network_configure_name_resolution", "network_disable_ddns_interfaces", "network_disable_zeroconf", "network_implement_access_control", "network_nmcli_permissions", "network_sniffer_disabled"], "platform": "", "platforms": [], "inherited_platforms": [], "cpe_platform_names": [], "title": "Network Configuration and Firewalls", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/network/group.yml"}