Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ufw - 'all' is not a valid interface name #98

Open
andrewmooreio opened this issue Apr 8, 2021 · 0 comments
Open

ufw - 'all' is not a valid interface name #98

andrewmooreio opened this issue Apr 8, 2021 · 0 comments
Labels
bug Something isn't working enhancement New feature or request

Comments

@andrewmooreio
Copy link

Describe the bug

Ubuntu1804-CIS/tasks/section3.yml

Line 516 in 5478c0e

interface: all

'all' is not a valid interface name or keyword, as such applying this rule will block all outbound traffic.

It results in the following iptables rule:
-A ufw-user-output -o all -j ACCEPT

The desired iptables rule to allow all outbound traffic is:
-A ufw-user-output -j ACCEPT

The CIS documentation that references the command ufw allow out on all is incorrect, it should be ufw allow out to any.

To Reproduce
Steps to reproduce the behavior:

  1. Deploy playbook to Ubuntu 18.04, all outbound traffic is blocked.

Expected behavior
All outbound traffic to be permitted.

Software (please complete the following information):

  • Ansible Version: 2.9.15
  • Role/Repo Version: master

Additional context
Simply remove the referenced line (516) in section3.yml. Doing so will default the ufw command to any interface.
@florianutz florianutz added bug Something isn't working enhancement New feature or request labels Apr 9, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@florianutz @andrewmooreio