{"description": "Configure the loopback interface to accept traffic.\nConfigure all other interfaces to deny traffic to the loopback\nnetwork.", "rationale": "Loopback traffic is generated between processes on the machine and is\ntypically critical to operation of the system. The loopback interface\nis the only place that loopback network traffic should be seen;\nall other interfaces should ignore traffic on this network as an\nanti-spoofing measure.", "severity": "medium", "references": {"pcidss": ["Req-1.3"], "cis": ["4.3.3.2"], "pcidss4": ["1.4.1", "1.4"]}, "control_references": {"cis": ["4.3.3.2"], "pcidss4": ["1.4.1", "1.4"]}, "components": [], "identifiers": {}, "ocil_clause": "ipv6 loopback traffic is not configured", "ocil": "Verify that the IPv6 loopback interface has required rules in order:\n<pre>$ iptables -L INPUT -v -n</pre>\nNote that iptables lists only the IPv4 rule set; IPv6 rules are listed\nby ip6tables.", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [{"general": "Changing firewall settings while connected over the network can\nresult in being locked out of the system."}], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "not package[nftables] and not package[ufw] and package[iptables]", "platforms": ["not package[nftables] and not package[ufw] and package[iptables]"], "sce_metadata": {"platform": ["multi_platform_sle", "multi_platform_ubuntu"], "check-import": "stdout", "environment": "any", "filename": "set_ipv6_loopback_traffic.sh", "relative_path": "ubuntu2204/checks/sce/set_ipv6_loopback_traffic.sh"}, "inherited_platforms": [], "cpe_platform_names": ["not_package_nftables_and_not_package_ufw_and_package_iptables"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Set configuration for IPv6 loopback traffic", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/network/network-iptables/iptables_activation/set_ipv6_loopback_traffic/rule.yml", "template": null}