SV-227072r603265_rule
V-227072
SRG-OS-000297
GEN008540
CAT II
10
Edit /etc/ipf/ipf.conf and add a default deny rule.
Restart the ipfilter service.
# svcadm restart network/ipfilter
If the system is not a global zone, this vulnerability is not applicable.
Check the firewall rules for a default deny rule.
# ipfstat -i
An example of a default deny rule is:
block in log quick on ne3 from any to any
If there is no default deny rule, this is a finding.
V-227072
False
GEN008540
M
4060