The following code is used in the ufw script:
sed -i '/^COMMIT/i -A ufw-before-output -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT' /etc/ufw/before.rules
sed -i '/^COMMIT/i -A ufw-before-output -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT' /etc/ufw/before.rules
sed -i '/^COMMIT/i -A ufw6-before-output -p icmpv6 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT' /etc/ufw/before6.rules
sed -i '/^COMMIT/i -A ufw6-before-output -p icmpv6 -m state --state ESTABLISHED,RELATED -j ACCEPT' /etc/ufw/before6.rules
Would the first rule for ipv4 and 6 not cover both cases, with established and related already included?
Am I missing something?
Another thing: why explicitly deny 127.0.0.0/8 if the default is deny?
ufw allow in on lo
ufw allow out on lo
ufw deny in from 127.0.0.0/8
ufw deny in from ::1
ufw default deny incoming
I feel like there is something I am missing here.
Hi @Xavantex, you are correct. Setting default deny does deny it as well, but it's to make sure (you might not want to deny by default) we configure the loopback interface to accept traffic and configure all other interfaces to deny traffic to the loopback networks.
This is also a requirement for the CIS Ubuntu benchmark (3.4.1.4).
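An added example, not part of the thread or of the project's script: a shell function that flags `-m state` rules whose `--state` list is contained in an otherwise identical rule, which is the relationship the first question in the issue asks about. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: find "-m state" rules made redundant by a broader twin.

# Constructed sample shaped like the rules the sed commands insert.
sample_rules() {
cat <<'EOF'
*filter
-A ufw-before-output -o lo -j ACCEPT
-A ufw-before-output -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A ufw-before-output -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
-A ufw-before-output -p tcp -m state --state ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Reads rules from the named file(s), or from stdin when none is given.
redundant_state_rules() {
    awk '
    /^-A / && match($0, /--state [A-Z,]+/) {
        n++
        rule[n]   = $0
        states[n] = substr($0, RSTART + 8, RLENGTH - 8)   # list after "--state "
        # Key = the rule with its state list masked out, so only rules that
        # agree on chain, protocol, other matches and target are compared.
        key[n] = substr($0, 1, RSTART - 1) "--state *" substr($0, RSTART + RLENGTH)
    }
    # True when every state in list a also appears in list b.
    function subset(a, b,    i, k, parts) {
        k = split(a, parts, ",")
        for (i = 1; i <= k; i++)
            if (index("," b ",", "," parts[i] ",") == 0) return 0
        return 1
    }
    END {
        for (i = 1; i <= n; i++)
            for (j = 1; j <= n; j++) {
                if (i == j || key[i] != key[j]) continue
                if (!subset(states[i], states[j])) continue
                # Identical state sets: report only the later copy.
                if (subset(states[j], states[i]) && i < j) continue
                print "redundant: " rule[i]
                print "  covered by: " rule[j]
                break
            }
    }' "$@"
}

sample_rules | redundant_state_rules
```

Run against a real file with `redundant_state_rules /etc/ufw/before.rules`; an exact duplicate left behind by running the `sed -i` insert twice is reported the same way.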