Information
Configure the firewall rules for new outbound and established connections
Rationale:
With a default drop policy and no rule accepting established connections, the return traffic of every connection is dropped, so the host cannot use the network at all.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
If the nftables utility is in use on your system:
Configure nftables in accordance with site policy. The following commands add rules to the input chain of the inet filter table that accept established TCP, UDP and ICMP connections; each command is guarded so that it runs only when the nftables service is enabled:
# systemctl is-enabled nftables.service | grep -q 'enabled' && nft add rule inet filter input ip protocol tcp ct state established accept
# systemctl is-enabled nftables.service | grep -q 'enabled' && nft add rule inet filter input ip protocol udp ct state established accept
# systemctl is-enabled nftables.service | grep -q 'enabled' && nft add rule inet filter input ip protocol icmp ct state established accept
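The three commands above add only the input-chain half of the policy named in the title; outbound new connections also need accept rules in the output chain, or a drop policy there blocks every connection the host itself opens. The script below is an added example, not the plugin's or the CIS benchmark's own text. It assumes the base table is `inet filter` with `input`, `forward` and `output` chains whose default policy is drop (as the benchmark's table and chain items configure) and includes the `iif "lo" accept` rule that a separate loopback item normally supplies, so that the drop policy does not break local traffic. The `nft_audit` function parses the text of `nft list ruleset` and reports which of the six required rules are missing; the `SAMPLE_INPUT_ONLY` listing is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Nessus plugin or the CIS benchmark text).
# Assumptions: the base table is 'inet filter' with chains input/forward/output
# whose default policy is drop, as the benchmark's table/chain items configure.

# Emit a complete ruleset in 'nft -f' syntax: input accepts only established
# connections, output accepts new, related and established connections.
nft_ruleset() {
    cat <<'EOF'
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ip protocol tcp ct state established accept
        ip protocol udp ct state established accept
        ip protocol icmp ct state established accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy drop;
        ip protocol tcp ct state new,related,established accept
        ip protocol udp ct state new,related,established accept
        ip protocol icmp ct state new,related,established accept
    }
}
EOF
}

# Audit: read the text of 'nft list ruleset' from $1 and return 0 only when
# every required rule is present in the right chain. nft prints ct state flags
# in its own order (established,related,new), so match on content, not order.
nft_audit() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*chain[[:space:]]+/ { chain = $2 }
        $1 == "ip" && $2 == "protocol" && $4 == "ct" && $5 == "state" && $7 == "accept" {
            proto = $3; states = $6
            if (chain == "input" && states ~ /established/) seen["in:" proto] = 1
            if (chain == "output" && states ~ /new/ && states ~ /related/ && states ~ /established/)
                seen["out:" proto] = 1
        }
        END {
            rc = 0
            n = split("tcp udp icmp", protos, " ")
            for (i = 1; i <= n; i++) {
                if (!(("in:" protos[i]) in seen)) {
                    print "missing: input " protos[i] " ct state established accept" > "/dev/stderr"; rc = 1
                }
                if (!(("out:" protos[i]) in seen)) {
                    print "missing: output " protos[i] " ct state new,related,established accept" > "/dev/stderr"; rc = 1
                }
            }
            exit rc
        }'
}

# Apply: syntax-check the generated ruleset with 'nft -c', then load it in one
# atomic transaction. Requires root and nftables; not invoked here.
nft_apply() {
    tmp=$(mktemp) || return 1
    nft_ruleset > "$tmp"
    nft -c -f "$tmp" && nft -f "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample of what 'nft list ruleset' prints on a host where only the
# plugin's three input commands were run and the output chain was left empty.
SAMPLE_INPUT_ONLY='table inet filter {
	chain input {
		type filter hook input priority filter; policy drop;
		iif "lo" accept
		ip protocol tcp ct state established accept
		ip protocol udp ct state established accept
		ip protocol icmp ct state established accept
	}
	chain forward {
		type filter hook forward priority filter; policy drop;
	}
	chain output {
		type filter hook output priority filter; policy drop;
	}
}'

# Audit the generated ruleset (compliant) and the sample (three output rules
# missing, each reported on stderr).
nft_audit "$(nft_ruleset)" && echo "generated ruleset: compliant"
nft_audit "$SAMPLE_INPUT_ONLY" || echo "sample ruleset: not compliant"
```

Two caveats when applying this on a real host. Rules added with `nft add rule` live only in the kernel and are gone after a reboot unless they are also written to the file the nftables service loads (`/etc/nftables.conf` on Debian and Ubuntu), which is why the example loads a file with `nft -f`. And `ip protocol` matches the IPv4 header's protocol field only, so on a dual-stack host these rules leave IPv6 return traffic to the drop policy; the IPv6 side needs its own rules (for example with `meta l4proto`, which matches both families).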