{"description": "Assign the loopback interface to the <tt>firewalld</tt> <tt>trusted</tt> zone in order to\nexplicitly allow loopback traffic on the system.\n\nTo configure <tt>firewalld</tt> to trust loopback traffic, run the following command:\n<pre>sudo firewall-cmd --permanent --zone=trusted --add-interface=lo</pre>\nTo ensure <tt>firewalld</tt> settings are applied at runtime, run the following command:\n<pre>sudo firewall-cmd --reload</pre>", "rationale": "Loopback traffic is generated between processes on the machine and is typically critical to\nthe operation of the system. The loopback interface is the only place that loopback network\ntraffic should be seen; all other interfaces should ignore traffic on this network as an\nanti-spoofing measure.", "severity": "medium", "references": {"pcidss4": ["1.4.1", "1.4"]}, "control_references": {"pcidss4": ["1.4.1", "1.4"]}, "components": [], "identifiers": {}, "ocil_clause": "loopback traffic is not trusted", "ocil": "Inspect the network interfaces assigned to the firewalld trusted zone and verify the\n<tt>lo</tt> interface is listed by running the following command:\n\n<pre>$ sudo firewall-cmd --list-interfaces --zone=trusted</pre>", "oval_external_content": null, "fixtext": "Configure Ubuntu 22.04 to explicitly trust loopback traffic using the following commands:\n\n$ sudo firewall-cmd --permanent --zone=trusted --add-interface=lo\n$ sudo firewall-cmd --reload", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Configure Firewalld to Trust Loopback Traffic", "definition_location": 
"/aptdata/openscap/scap-security-guide/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_trusted/rule.yml", "template": null}