This module audits and reports network port policy and configuration. It is designed to audit that:
- Network ports are bound to the expected interfaces.
- There are no rogue ports that do not comply with the policy.
A CRITICAL level alert is emitted when the network policy is violated. The module reports:
- The list of policy violations, if any.
- The list of ports and the interfaces they are bound to.
policy_any: default policy for INET ports bound to all interfaces. Set to allow to permit rogue ports to bind to the system-wide interfaces: 0.0.0.0 for IPv4 and :: for IPv6.
policy_loopback: default policy for loopback-bound INET ports. Set to allow to permit rogue ports to bind to the loopback interfaces: 127.0.0.1 for IPv4, ::1 for IPv6, and ::ffff:127.0.0.1 (IPv4-mapped IPv6).
policy_bound: default policy for INET ports bound to a specific interface. Set to allow to permit rogue ports to bind to specific interfaces.
The [mod_lwall_map] section contains a list of per-port policies as key-value pairs, where the INET port is the key and the policy rules are the value. Each port can have one or more policy rules, separated by a space. Possible policy rules are:
- loopback - permit the loopback interface (
- any - permit any interface (
- <interface address> - permit the specific interface with that address.
Example configuration:

[mod_lwall]
policy_any = restrict
policy_loopback = restrict
policy_bound = restrict

[mod_lwall_map]
80 = any
443 = any
1234 = loopback 10.10.10.32 10.10.10.33
2345 = loopback
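As an added illustration (not the module's own code), the following Python applies the rules described above: it parses the example configuration, classifies each listening socket's bound address as system-wide, loopback or interface-specific, and lists the bindings that would trigger the CRITICAL alert. The socket list is constructed, and the reading that an "any" rule also permits binds to a specific interface address is an assumption.

```python
import configparser
# Constructed copy of the example configuration above (parsed here, not by the real module).
EXAMPLE_CONFIG = """
[mod_lwall]
policy_any = restrict
policy_loopback = restrict
policy_bound = restrict
[mod_lwall_map]
80 = any
443 = any
1234 = loopback 10.10.10.32 10.10.10.33
2345 = loopback
"""
# Constructed listening sockets as (port, bound address) pairs, e.g. from a socket table.
SAMPLE_BINDINGS = [(80, "0.0.0.0"), (443, "::"), (1234, "127.0.0.1"), (1234, "10.10.10.32"),
                   (1234, "0.0.0.0"), (2345, "::1"), (2345, "10.10.10.32"),
                   (8080, "0.0.0.0"), (9000, "127.0.0.1")]
ANY_ADDRS = {"0.0.0.0", "::"}                              # system-wide binds
LOOPBACK_ADDRS = {"127.0.0.1", "::1", "::ffff:127.0.0.1"}  # loopback binds

def load_policy(text):
    """Parse the [mod_lwall] defaults and the [mod_lwall_map] {port: [rules]} table."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    defaults = dict(cp["mod_lwall"])
    port_map = {int(port): rules.split() for port, rules in cp["mod_lwall_map"].items()}
    return defaults, port_map

def classify(addr):
    """Interface class of a bound address: 'any', 'loopback' or 'bound' (a specific interface)."""
    return "any" if addr in ANY_ADDRS else "loopback" if addr in LOOPBACK_ADDRS else "bound"

def is_permitted(port, addr, defaults, port_map):
    """Apply the per-port rules; a port absent from the map is rogue and uses the defaults."""
    rules = port_map.get(port)
    if rules is None:
        return defaults.get("policy_" + classify(addr), "restrict") == "allow"
    if "any" in rules:                                      # 'any' permits every interface (assumed)
        return True
    if "loopback" in rules and classify(addr) == "loopback":
        return True
    return addr in rules                                    # an explicit interface address

def audit(bindings=SAMPLE_BINDINGS, config_text=EXAMPLE_CONFIG):
    """Return (violations, report); any violation is what raises the CRITICAL alert."""
    defaults, port_map = load_policy(config_text)
    report = [(port, addr, is_permitted(port, addr, defaults, port_map)) for port, addr in bindings]
    violations = [(port, addr) for port, addr, ok in report if not ok]
    return violations, report
```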