Install iptables Package
An XCCDF Rule
Description
The iptables package can be installed with the following command:
$ sudo zypper install iptables
Rationale
iptables controls the Linux kernel network packet filtering code. iptables allows system operators to set up firewalls and IP masquerading, etc.
- ID: xccdf_org.ssgproject.content_rule_package_iptables_installed
- Severity: Medium
- References
- Updated
Remediation - Puppet
include install_iptables

# Ensure the iptables package is present on the node
class install_iptables {
  package { 'iptables':
    ensure => 'installed',
  }
}
Remediation - Shell Script
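# Remediation is applicable only in certain platforms
# (skipped when a container marker file is present)
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
    zypper install -y "iptables"
else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi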
Remediation - OS Build Blueprint
[[packages]]
name = "iptables"
version = "*"
Remediation - Ansible
- name: Ensure iptables is installed
  package:
    name: iptables
    state: present
  when: ( ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"] )