dsglaser / cis-security

Playbooks to implement Center for Internet Security (CIS) controls for RHEL (7-9), RHEL Clones, Ubuntu (18.04-22.04), and Microsoft Windows (10, Server 2019)

Feature Request: Firewall Disable. #30

Closed metabsd closed 3 years ago

metabsd commented 3 years ago

Do you think it would be useful to add the possibility to disable the firewall? A useful option might be disabled. Thx!

https://github.com/dsglaser/cis-security/blob/9388a4a7f0d966af90a300df6884b134ed45e124/dsglaser/cis_security/roles/cis_security/defaults/main.yml#L60

dsglaser commented 3 years ago

It would be useful; however, the CIS controls that the playbook is attempting to enforce do not have an option for disabling it. The control is to enable firewalld or iptables and then to configure it. I don't configure it because there are too many variables in that, but it really should be for the controls to be correct.

The way around it is to skip the tag(s) for the firewall options when you run the playbook.

metabsd commented 3 years ago

You're right. So I will maintain a couple of other configs on our role locally.

dsglaser commented 3 years ago

Right, either skipping the tag or including your own firewall config file is the best way to handle it. Thanks!