Commit 62f65cf

fix(cis_4.2.x.yaml): correct conditional logic for outbound port configuration
Update the loop condition to handle 'all' value properly in ufw outbound port configuration. Replace string containment check with exact equality comparison to prevent unintended behavior when 'all' is specified.

Signed-off-by: Thomas Meckel <tmeckel@users.noreply.github.com>
1 parent 5f42974 commit 62f65cf

1 file changed

+2
-2
lines changed

tasks/section_4/cis_4.2.x.yml

Lines changed: 2 additions & 2 deletions
@@ -112,13 +112,13 @@
112112
direction: out
113113
proto: "{{ item.proto }}"
114114
to_port: '{{ item.port }}'
115-
loop: "{{ ubtu24cis_ufw_allow_out_ports }}"
115+
loop: "{{ ubtu24cis_ufw_allow_out_ports if ubtu24cis_ufw_allow_out_ports != 'all' else [] }}"
116116
loop_control:
117117
label: "{{ item.port }}"
118118
notify: Reload ufw
119119

120120
- name: "4.2.5 | PATCH | Ensure ufw outbound connections are configured | Allow all"
121-
when: "'all' in ubtu24cis_ufw_allow_out_ports"
121+
when: ubtu24cis_ufw_allow_out_ports == "all"
122122
community.general.ufw:
123123
rule: allow
124124
direction: out
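
Review bot: The exact comparisons at new lines 115 and 121 only recognise the bare string `all`, so a value supplied as a list containing `'all'`, which the old `'all' in ubtu24cis_ufw_allow_out_ports` test accepted, now skips the "Allow all" task and falls through to the loop, where `item.proto` and `item.port` are templated against a plain string and the task errors out. Failing instead of opening all outbound traffic is the safer direction for a firewall rule, but it is a behaviour change for existing inventories and should be stated next to the variable's default (scalar `all`, or a list of mappings with `port` and `proto`). If the list form is meant to stay supported, normalise the value once before both tasks rather than repeating the comparison in `loop` and `when`. The comparison is also case-sensitive, so `All` or `ALL` would be treated as a port list; worth either documenting or lowercasing before the test.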
