ansible-hardening/doc/metadata/rhel7/RHEL-07-040290.rst
Rahul Nair 4e8bf6705f Trivial fix to the documentation
- Removing extra space
- Fixing some typos

Change-Id: Ib4f86c7a29074ce0150a3cd55478ed94f2d62c43
2016-12-05 11:24:34 -06:00

---
id: RHEL-07-040290
status: opt-in
tag: misc
---

The STIG requires that a firewall is configured on each server. This might be disruptive to some environments since the default firewall policy for firewalld is very restrictive. Therefore, the tasks in the security role do not install or enable the firewalld daemon by default.

Deployers can opt in for this change by setting the following Ansible variable:

security_enable_firewalld: yes

Warning

Deployers must pre-configure firewalld or copy a working zone XML file into /etc/firewalld/zones/ from another server. The default firewalld rules on Ubuntu, CentOS and Red Hat Enterprise Linux are highly restrictive.
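
A pre-flight check for the warning above, as an added example that is not part of the ansible-hardening role: it parses a zone file and reports which required services or ports the zone does not explicitly allow, so a copied file can be reviewed before setting security_enable_firewalld. The sample zone, the function names and the required-access list are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample zone file (not from the project): the kind of file a
# deployer would place at /etc/firewalld/zones/public.xml before opting in.
SAMPLE_ZONE = """<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>Constructed example zone.</description>
  <service name="ssh"/>
  <service name="https"/>
  <port port="8080" protocol="tcp"/>
</zone>
"""


def zone_allowances(zone_xml):
    """Return (services, ports) that a firewalld zone definition lists."""
    root = ET.fromstring(zone_xml)
    if root.tag != "zone":
        raise ValueError("not a firewalld zone file: root is <%s>" % root.tag)
    services = {s.get("name") for s in root.findall("service")}
    ports = {(p.get("port"), p.get("protocol")) for p in root.findall("port")}
    return services, ports


def missing_access(zone_xml, need_services=(), need_ports=()):
    """List required services/ports with no explicit entry in the zone.

    Only direct <service> and <port> children are compared; port ranges,
    rich rules and a permissive zone target are not evaluated here.
    """
    services, ports = zone_allowances(zone_xml)
    missing = [s for s in need_services if s not in services]
    missing += ["%s/%s" % tuple(p) for p in need_ports if tuple(p) not in ports]
    return missing


if __name__ == "__main__":
    # Hypothetical requirement set: SSH for Ansible itself plus two app ports.
    gaps = missing_access(SAMPLE_ZONE, ["ssh"],
                          [("8080", "tcp"), ("5432", "tcp")])
    print("not allowed by zone:", ", ".join(gaps) or "nothing")
```

An empty result for the SSH requirement is the minimum to confirm before opting in, since Ansible reaches the host over that service.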