
Stealth Mode must be enabled on the firewall.


Overview

Finding ID: V-25337
Version: OSX00465 M6
Rule ID: SV-37266r1_rule
IA Controls: ECSC-1
Severity: Medium
Description
Enable Stealth Mode to prevent the computer from sending responses to uninvited traffic.
STIG Date
MAC OSX 10.6 Workstation Security Technical Implementation Guide Draft 2013-01-10

Details

Check Text (C-35957r1_chk)
Open a terminal session and enter the following command.

sudo ipfw print

If no line contains "deny icmp from any to me in icmptypes 8" or a more restrictive rule, this is a finding.
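The check above can be scripted. The following is an added example, not part of the STIG text: the function name stealth_check, the helper report and the sample rule sets are assumptions made for illustration, and "more restrictive" is read narrowly as a deny rule for ICMP from any to me that covers type 8 and carries no option that narrows it.

```shell
#!/bin/sh
# Added example: evaluate `ipfw print` output against the check text.
# On a live system: sudo ipfw print | stealth_check

# Exit 0 if some rule denies ICMP echo requests (type 8) sent to this host.
stealth_check() {
    awk '
    {
        a = 3
        # Skip an optional "log [logamount N]" between action and protocol.
        if ($a == "log") { a++; if ($a == "logamount") a += 2 }
        if (($2 != "deny" && $2 != "drop") || $a != "icmp") next
        if ($(a+1) != "from" || $(a+2) != "any") next
        if ($(a+3) != "to" || $(a+4) != "me") next
        types = ""
        for (i = a + 5; i <= NF; i++) {
            if ($i == "in") continue
            if ($i == "icmptypes" && i < NF) { types = $(++i); continue }
            next    # any other option (out, via, ...) narrows the rule
        }
        # No icmptypes option means every ICMP type is denied.
        if (types == "") { found = 1; next }
        n = split(types, t, ",")
        for (j = 1; j <= n; j++) if (t[j] == "8") found = 1
    }
    END { exit (found ? 0 : 1) }'
}

# Constructed sample rule sets (not captured from a real host).
COMPLIANT='00020 deny icmp from any to me in icmptypes 8
65535 allow ip from any to any'
FINDING='00020 deny icmp from any to me in icmptypes 8 via en0
65535 allow ip from any to any'

# Hypothetical helper: print the verdict for a rule set passed as $1.
report() {
    if printf '%s\n' "$1" | stealth_check; then
        echo "not a finding"
    else
        echo "finding"
    fi
}

report "$COMPLIANT"
report "$FINDING"
```

The function does not evaluate rule order; ipfw applies the first matching rule, so an earlier rule that accepts the same traffic still has to be reviewed by hand.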
Fix Text (F-31212r1_fix)
Open a terminal session and edit or create /Library/LaunchDaemons/org.freebsd.ipfw.plist and ensure it contains the following.


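<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>org.freebsd.ipfw</string>
<key>Program</key>
<string>/sbin/ipfw</string>
<key>ProgramArguments</key>
<array>
<string>/sbin/ipfw</string>
<string>/etc/ipfw.conf</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>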

Edit or create /etc/ipfw.conf and ensure it contains the following line (the first number, a line number, may need to be changed if another line already begins with that number).

add 20 deny icmp from any to me in icmptypes 8