Information
The iptables-services package includes the /etc/sysconfig/iptables file. The iptables rules in this file are loaded by iptables.service at boot, and whenever the service is started or reloaded.
If the running iptables rules are not saved to this file and the system reboots, those rules will be lost and the service will load whatever the file last contained.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Run the following commands to create or update the /etc/sysconfig/iptables file:
Run the following command to review the current running iptables configuration:
# iptables -L
Output should include:
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  loopback/8           anywhere
ACCEPT     tcp  --  anywhere             anywhere             state ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere             state ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere             state NEW,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             state NEW,ESTABLISHED
Run the following command to save the verified running configuration to the file /etc/sysconfig/iptables:
# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
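The check above relies on a human comparing `iptables -L` output by eye. The script below is an added example, not part of the benchmark or of the iptables-services package: it compares a running rule set with the persisted file in iptables-save format (which is what `service iptables save` writes), ignoring the timestamp comments and per-chain packet counters that legitimately differ, so that only real rule drift is reported. The sample rule sets it writes are constructed here to match the expected output shown above; the function and file names are this example's own.

```shell
#!/bin/sh
# Added example: detect drift between running iptables rules and the
# persisted /etc/sysconfig/iptables file. Both inputs are expected in
# iptables-save format. Names (normalize_rules, rules_drift, write_samples)
# are this example's own, not part of iptables-services.

# normalize_rules: read iptables-save text on stdin, drop the
# "# Generated by ..." / "# Completed on ..." comment lines and the
# "[packets:bytes]" counters after chain policies, leaving only the
# policy and rule lines that actually define the firewall.
normalize_rules() {
    grep -v '^#' | sed 's/ \[[0-9]*:[0-9]*\]$//'
}

# rules_drift RUNNING_FILE SAVED_FILE: prints 0 when the two rule sets are
# equivalent after normalization, 1 when the saved file is out of date.
rules_drift() {
    running=$(normalize_rules < "$1")
    saved=$(normalize_rules < "$2")
    if [ "$running" = "$saved" ]; then
        echo 0
    else
        echo 1
    fi
}

# write_samples DIR: write three constructed rule sets into DIR:
#   running.rules       - the live rules (non-zero counters, recent timestamp)
#   saved_current.rules - same rules as persisted by "service iptables save"
#   saved_stale.rules   - an older save that predates the SSH rule
write_samples() {
    dir="$1"
    cat > "$dir/running.rules" <<'EOF'
# Generated by iptables-save v1.4.21 on Mon Jan  1 12:00:00 2024
*filter
:INPUT DROP [12:960]
:FORWARD DROP [0:0]
:OUTPUT DROP [3:240]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 127.0.0.0/8 -j DROP
-A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p udp -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p icmp -m state --state NEW,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Mon Jan  1 12:00:00 2024
EOF
    # Same rules, but counters reset and an earlier timestamp: no drift.
    sed -e 's/\[[0-9]*:[0-9]*\]/[0:0]/' \
        -e 's/Mon Jan  1 12:00:00 2024/Mon Jan  1 09:00:00 2024/' \
        "$dir/running.rules" > "$dir/saved_current.rules"
    # Older save missing the SSH rule: drift that a reboot would expose.
    grep -v -- '--dport 22' "$dir/saved_current.rules" > "$dir/saved_stale.rules"
}

# Stand-alone demonstration on the constructed samples.
tmp=$(mktemp -d)
write_samples "$tmp"
echo "current save vs running: drift=$(rules_drift "$tmp/running.rules" "$tmp/saved_current.rules")"
echo "stale save vs running:   drift=$(rules_drift "$tmp/running.rules" "$tmp/saved_stale.rules")"
rm -rf "$tmp"
```

On a real host the running side comes from `iptables-save` rather than a sample file (for example `iptables-save > /tmp/running.rules` as root, then `rules_drift /tmp/running.rules /etc/sysconfig/iptables`); a result of 1 means the persisted file does not match what is enforced now, so a reboot would silently change the firewall and `service iptables save` is still required.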