{"description": "The default rules can be strengthened. The system\nscripts that activate the firewall rules expect them to be defined\nin configuration files under the <tt>/etc/firewalld/services</tt>\nand <tt>/etc/firewalld/zones</tt> directories.\n<br /><br />\nThe following recommendations describe how to strengthen the\ndefault ruleset configuration file. An alternative to editing this\nconfiguration file is to create a shell script that makes calls to\nthe <tt>firewall-cmd</tt> program to load in rules under the <tt>/etc/firewalld/services</tt>\nand <tt>/etc/firewalld/zones</tt> directories.\n<br /><br />\nInstructions apply to both unless otherwise noted. Language and address\nconventions for regular firewalld rules are used throughout this section.", "warnings": [{"general": "The program <tt>firewall-config</tt>\nallows additional services to penetrate the default firewall rules\nand automatically adjusts the <tt>firewalld</tt> ruleset(s)."}], "requires": [], "conflicts": [], "values": {}, "groups": {}, "rules": ["configure_firewalld_ports", "configure_firewalld_rate_limiting", "configured_firewalld_default_deny", "ensure_firewall_rules_for_open_ports", "firewalld_loopback_traffic_restricted", "firewalld_loopback_traffic_trusted", "set_firewalld_default_zone"], "platform": "", "platforms": [], "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "title": "Strengthen the Default Ruleset", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/network/network-firewalld/ruleset_modifications/group.yml"}