Uninstall nftables package
An XCCDF Rule
Description
nftables is a subsystem of the Linux kernel providing filtering and classification of network packets/datagrams/frames and is the successor to iptables.

The nftables package can be removed with the following command:

    $ apt-get remove nftables
Rationale
Running both firewalld and nftables on the same system may lead to conflicting firewall configurations.
ID: xccdf_org.ssgproject.content_rule_package_nftables_removed
Severity: Medium
Remediation - Ansible
    - name: Ensure nftables is removed
      package:
        name: nftables
        state: absent
      tags:
        - disable_strategy
Remediation - Puppet
    include remove_nftables
    class remove_nftables {
      package { 'nftables':
        ensure => 'purged',
      }
    }
Remediation - Shell Script
    # CAUTION: This remediation script will remove nftables
    # from the system, and may remove any packages
    # that depend on nftables. Execute this
    # remediation AFTER testing on a non-production
    # system!
    # -y: run unattended, since remediation scripts are not interactive
    apt-get remove -y nftables
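An added audit check for this rule (example code, not part of the SCAP Security Guide content): it decides from a dpkg status string whether the nftables package still counts as installed, which is what a scanner has to do before and after the remediation above. It assumes a Debian/Ubuntu host where dpkg-query is available; the status strings used for illustration are constructed.

```shell
# Decide from a dpkg status string whether a package counts as installed.
# dpkg-query prints "<want> <flag> <status>", e.g. "install ok installed".
# A package in "config-files" state has been removed but not purged; no
# binaries remain, so the rule treats it as absent. Returns 0 = installed.
pkg_status_installed() {
    [ -z "$1" ] && return 1            # empty string: dpkg knows nothing about it
    state=${1##* }                     # last word: installed, config-files, ...
    case "$state" in
        not-installed|config-files) return 1 ;;
        *) return 0 ;;                 # installed, half-installed, unpacked, ...
    esac
}

# Report 0 (compliant) if the package is absent, 1 (finding) if it is present.
# Assumes dpkg-query exists; an unknown package makes dpkg-query fail, which
# also means absent.
package_absent() {
    status=$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null) || return 0
    pkg_status_installed "$status" && return 1
    return 0
}

# Usage: audit the package named by this rule.
if package_absent nftables; then
    echo "nftables: absent (compliant)"
else
    echo "nftables: installed (finding for package_nftables_removed)"
fi
```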