An XCCDF Group - A logical subset of the XCCDF Benchmark
If firewalld or iptables is being used in your environment, please follow the guidance in their respective sections and pass over the guidance in this section.
ingress
prerouting
input
forward
output
postrouting
accept
drop
NF_IP_PRI_RAW_BEFORE_DEFRAG
NF_IP_PRI_CONNTRACK_DEFRAG
NF_IP_PRI_RAW
NF_IP_PRI_SELINUX_FIRST
NF_IP_PRI_CONNTRACK
NF_IP_PRI_MANGLE
NF_IP_PRI_NAT_DST
NF_IP_PRI_FILTER
NF_IP_PRI_SECURITY
NF_IP_PRI_NAT_SRC
NF_IP_PRI_SELINUX_LAST
NF_IP_PRI_CONNTRACK_HELPER
NF_IP_PRI_CONNTRACK_CONFIRM
NF_BR_PRI_NAT_DST_BRIDGED
NF_BR_PRI_FILTER_BRIDGED
NF_BR_PRI_BRNF
NF_BR_PRI_NAT_DST_OTHER
NF_BR_PRI_FILTER_OTHER
NF_BR_PRI_NAT_SRC
filter
route
nat
ip
ip6
inet
arp
bridge
netdev
nftables
$ apt-get install nftables
$ apt-get remove nftables
$ sudo systemctl enable nftables.service
$ systemctl disable nftables