{"description": "Firewall zones define the trust level of network connections or interfaces.\nNote: Changing firewall settings while connected over the network can result in \nbeing locked out of the system.", "rationale": "A network interface not assigned to the appropriate zone can allow unexpected or\nundesired network traffic to be accepted on the interface.", "severity": "medium", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "Your system accepts all incoming packets for unnecessary services and ports", "ocil": "To verify that the interface(s) follow site policy for zone assignment, run the \nfollowing command: \n<pre>$ sudo nmcli -t connection show | awk -F: '{if($4){print $4}}' | while read INT;\ndo firewall-cmd --get-active-zones | grep -B1 $INT; done</pre>\nIf you have to assign an interface to the appropriate zone, run the following command: \n<pre>$ sudo firewall-cmd --zone=<Zone NAME> --change-interface=<INTERFACE NAME></pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "package[firewalld]", "platforms": ["package[firewalld]"], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": ["package_firewalld"], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Ensure network interfaces are assigned to appropriate zone", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/network/network-firewalld/set_firewalld_appropriate_zone/rule.yml", "template": null}