Servers – Ensure Outbound and Established Connections are Configured

06 March, 2026

This check ensures that outbound and established connections are properly configured in the firewall.

Without proper rules, legitimate outbound traffic and return traffic may be blocked, disrupting normal network communication and application functionality.

Check Details

  • Resource: Server
  • Check: Ensure outbound and established connections are configured
  • Risk: Missing rules can block legitimate outbound traffic and break application/network functionality.

Remediation Steps

  1. Open a terminal session with root or sudo privileges.
  2. Verify existing firewall rules:

    iptables -L -v -n
    
  3. Review the output and ensure rules exist for NEW and ESTABLISHED outbound connections and ESTABLISHED inbound connections.
  4. Add rules to allow outbound and established connections as per policy:

    iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p udp -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p icmp -m state --state NEW,ESTABLISHED -j ACCEPT
    
    iptables -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
    iptables -A INPUT -p udp -m state --state ESTABLISHED -j ACCEPT
    iptables -A INPUT -p icmp -m state --state ESTABLISHED -j ACCEPT
    
  5. Save the firewall rules to persist across reboots (method may vary by system).
  6. Re-verify the rules:

    iptables -L -v -n
    
  7. Ensure rules align with your organization's security policy.
  8. Perform regular audits to maintain compliance.

Note: Modifying firewall rules over an active network connection may result in loss of access. Ensure proper access or backup connectivity before applying changes.
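One way to script the review in steps 3 and 6, added here as an example and not part of the original article: the function below compares a rule listing in `iptables -S` format against the six rules from step 4 and prints any that are absent. The function names and the sample listing are constructed for illustration, and the check assumes `iptables -S` prints each rule in the form it was added.

```shell
#!/bin/sh
# Added example: audit a rule listing for the six rules from step 4.
# Assumption: `iptables -S` prints each rule as it was typed, e.g.
#   -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
# The equivalent `-m conntrack --ctstate` spelling is accepted as well.
# The match is strict: broader rules that also cover this traffic
# (no -p, extra states) are reported as missing and need manual review.

# Emit "chain protocol states" for every rule the check expects.
required_rules() {
    for proto in tcp udp icmp; do
        echo "OUTPUT $proto NEW,ESTABLISHED"
        echo "INPUT $proto ESTABLISHED"
    done
}

# missing_state_rules RULES_TEXT
# Prints one "chain protocol states" line per expected rule not found.
missing_state_rules() {
    rules=$1
    required_rules | while read -r chain proto states; do
        pattern="^-A $chain -p $proto -m (state --state|conntrack --ctstate) $states -j ACCEPT\$"
        printf '%s\n' "$rules" | grep -Eq -e "$pattern" \
            || echo "$chain $proto $states"
    done
}

# Constructed sample listing: the inbound ICMP rule was never added.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p udp -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p icmp -m state --state NEW,ESTABLISHED -j ACCEPT'

# Demo on the sample; on a server, pass "$(iptables -S)" instead.
missing_state_rules "$SAMPLE_RULES"
```

An empty result means all six rules are present in the listing; each printed line names a chain, protocol and state set to add per step 4.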