Ubuntu1804-CIS

ufw - 'all' is not a valid interface name

Open andrewmooreio opened this issue 3 years ago • 0 comments

Describe the bug

https://github.com/florianutz/Ubuntu1804-CIS/blob/5478c0e8ef437365b1aff45d81a86943d3162656/tasks/section3.yml#L516

'all' is not a valid interface name or keyword; as such, applying this rule will block all outbound traffic.

It results in the following iptables rule: -A ufw-user-output -o all -j ACCEPT

The desired iptables rule to allow all outbound traffic is: -A ufw-user-output -j ACCEPT

The CIS documentation that references the command ufw allow out on all is incorrect; it should be ufw allow out to any.

To Reproduce

Steps to reproduce the behavior:

  1. Deploy playbook to Ubuntu 18.04, all outbound traffic is blocked.

Expected behavior

All outbound traffic to be permitted.

Software (please complete the following information):

  • Ansible Version: 2.9.15
  • Role/Repo Version: master

Additional context

Simply remove the referenced line (516) in section3.yml. Doing so will default the ufw command to any interface.

andrewmooreio Apr 08 '21 12:04
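The failure mode in the report is easy to confirm on a host: the broken rule survives in the live ruleset as an -o match against a name that is not an interface, so nothing in the OUTPUT path ever accepts. The following is an added example (not code from the Ubuntu1804-CIS role or from the reporter) that scans iptables -S style output for -i/-o matches naming an interface that does not exist on the host; the two rulesets embedded in it are constructed samples modelled on the rules quoted in the issue, and the interface list is passed in as an argument so the check runs offline. The function name check_ufw_output_rules and the live-host usage shown in the trailing comment are this example's own assumptions.

```shell
#!/bin/sh
# Added example: detect ufw/iptables rules that match on a non-existent interface,
# which is what `ufw allow out on all` produces. Not part of the role or the report.

# Constructed sample: what `iptables -S ufw-user-output` looks like on a host hit by the bug.
SAMPLE_BAD='-N ufw-user-output
-A ufw-user-output -o all -j ACCEPT'

# Constructed sample: the ruleset after the fix (`ufw allow out to any`).
SAMPLE_GOOD='-N ufw-user-output
-A ufw-user-output -j ACCEPT'

# check_ufw_output_rules RULES IFACES
#   RULES  : iptables -S output (one rule per line)
#   IFACES : space-separated interface names that exist on the host
# Prints each offending rule and returns 0 when at least one -i/-o match names an
# interface that is not in IFACES; returns 1 when every interface match is valid.
check_ufw_output_rules() {
  rules="$1"
  ifaces="$2"
  printf '%s\n' "$rules" | awk -v ifaces="$ifaces" '
    BEGIN {
      n = split(ifaces, a, " ")
      for (i = 1; i <= n; i++) ok[a[i]] = 1
      bad = 0
    }
    /^-A / {
      for (i = 1; i <= NF; i++) {
        if ($i == "-i" || $i == "-o") {
          # $(i+1) is "" when the flag is the last field; that is also bogus.
          if (!($(i+1) in ok)) {
            print "bogus interface in rule: " $0
            bad = 1
          }
        }
      }
    }
    END { exit bad ? 0 : 1 }'
}

# Live usage on a host (assumed invocation, needs root for iptables):
#   check_ufw_output_rules "$(iptables -S ufw-user-output)" "$(ls /sys/class/net | tr '\n' ' ')"
```

Run against the constructed samples, the first ruleset is flagged because "all" is not an interface on the host, while the second passes because an accept rule with no -o match applies to every interface, which is the behaviour the issue asks for.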