{"description": "Configure the loopback interface to accept traffic.\nConfigure all other interfaces to deny traffic to the loopback\nnetwork.", "rationale": "Loopback traffic is generated between processes on the machine and is\ntypically critical to operation of the system. The loopback interface\nis the only place that loopback network traffic should be seen; all\nother interfaces should ignore traffic on this network as an\nanti-spoofing measure, because a packet that arrives on another\ninterface with a loopback source address (127.0.0.0/8 or ::1) cannot\nhave originated on the local host.", "severity": "medium", "references": {"cis": ["4.1.4"]}, "control_references": {"cis": ["4.1.4"]}, "components": [], "identifiers": {}, "ocil_clause": "loopback traffic is not configured", "ocil": "Run the following commands to implement the loopback rules:\n<pre>\n# ufw allow in on lo\n</pre>\n<pre>\n# ufw allow out on lo\n</pre>\n<pre>\n# ufw deny in from 127.0.0.0/8\n</pre>\n<pre>\n# ufw deny in from ::1\n</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [{"general": "Changing firewall settings while connected over the network can\nresult in being locked out of the system."}], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "package[ufw]", "platforms": ["package[ufw]"], "sce_metadata": {"platform": ["multi_platform_ubuntu"], "check-import": "stdout", "environment": "any", "filename": "set_ufw_loopback_traffic.sh", "relative_path": "ubuntu2204/checks/sce/set_ufw_loopback_traffic.sh"}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": ["package_ufw"], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Set UFW Loopback Traffic", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/network/network-ufw/set_ufw_loopback_traffic/rule.yml", "template": null}