Closed bbaassssiiee closed 6 months ago
<interface name="lo"/>
The above is still missing... Should immediate: true be set?
/etc/firewalld/zones/trusted.xml now has:
<?xml version="1.0" encoding="utf-8"?>
<zone target="ACCEPT">
  <short>Trusted</short>
  <description>All network connections are accepted.</description>
  <rule family="ipv4">
    <source address="127.0.0.1"/>
    <destination address="127.0.0.1" invert="True"/>
    <drop/>
  </rule>
  <rule family="ipv6">
    <source address="::1"/>
    <destination address="::1" invert="True"/>
    <drop/>
  </rule>
</zone>
Looks good now
Describe the Issue
Configure firewalld to restrict loopback traffic to the lo interface. The loopback traffic must be trusted by assigning the lo interface to the firewalld trusted zone. However, the loopback traffic must be restricted to the loopback interface as an anti-spoofing measure.
Expected Behavior
Actual Behavior
Control(s) Affected
3.4.2.2
Environment (please complete the following information):
Additional Notes
Anything additional goes here
Possible Solution
Add the rich_rule to the trusted zone
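
Added example, not part of the original issue or the project's own code: a Python check that a trusted.xml zone file carries both halves of the control described above, the lo interface assignment and the two anti-spoofing drop rules. The function names, the findings text and the accepted spellings of the invert attribute are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

# Loopback address per rich-rule family; each family needs its own drop rule.
LOOPBACK = {"ipv4": "127.0.0.1", "ipv6": "::1"}

# Sample input: the zone file quoted in this thread (description omitted).
ZONE_FROM_THREAD = """<?xml version="1.0" encoding="utf-8"?>
<zone target="ACCEPT">
  <short>Trusted</short>
  <rule family="ipv4">
    <source address="127.0.0.1"/>
    <destination address="127.0.0.1" invert="True"/>
    <drop/>
  </rule>
  <rule family="ipv6">
    <source address="::1"/>
    <destination address="::1" invert="True"/>
    <drop/>
  </rule>
</zone>"""

# Constructed variant: the same file with lo assigned to the zone.
ZONE_WITH_LO = ZONE_FROM_THREAD.replace("</zone>", '  <interface name="lo"/>\n</zone>')


def _is_spoof_drop(rule, family, addr):
    """True if rule drops traffic from addr that is NOT destined to addr."""
    src, dst = rule.find("source"), rule.find("destination")
    return (
        rule.get("family") == family
        and rule.find("drop") is not None
        and src is not None and src.get("address") == addr
        and dst is not None and dst.get("address") == addr
        # Assumption: "true"/"yes" in any case count as inverted.
        and dst.get("invert", "").lower() in ("true", "yes")
    )


def audit_trusted_zone(xml_text):
    """Return a list of findings; an empty list means the zone passes."""
    zone = ET.fromstring(xml_text)
    findings = []
    if zone.get("target") != "ACCEPT":
        findings.append("zone target is not ACCEPT")
    if "lo" not in {i.get("name") for i in zone.findall("interface")}:
        findings.append("interface lo is not assigned to the zone")
    for family, addr in LOOPBACK.items():
        if not any(_is_spoof_drop(r, family, addr) for r in zone.findall("rule")):
            findings.append(f"missing {family} drop rule for source {addr}")
    return findings
```

To audit a host, pass the contents of /etc/firewalld/zones/trusted.xml to audit_trusted_zone(); this reads the permanent configuration only, not the running firewall state.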