Ensure iptables Rules Are Flushed When Using nftables : iCompaas Support

Profile Applicability:
• Level 1

Description:
When migrating from iptables to nftables, it is important to flush existing iptables rules to avoid conflicts and ensure that nftables rules operate correctly. Manually flushing iptables ensures a clean firewall state, preventing rule overlap or unintended access.

Rationale:
Flushing iptables rules prevents conflicts between legacy iptables rules and nftables configurations, maintaining consistent and predictable firewall behavior.

Impact:
Pros:

Eliminates potential rule conflicts.
Ensures nftables firewall policies are effectively enforced.

Cons:

Manual process requires careful execution to avoid temporary loss of firewall protection.

Default Value:
iptables rules are not automatically flushed when nftables is enabled.

Pre-requisites:

Root or sudo privileges to manage firewall configurations.

Remediation:

Test Plan:

Using Linux command line:

1. List current iptables rules:

iptables -L -v -n

2. Confirm presence of active iptables rules.

Implementation Plan:

Using Linux command line:

1. Flush all iptables rules:

iptables -F  
iptables -X  
iptables -t nat -F  
iptables -t nat -X  
iptables -t mangle -F  
iptables -t mangle -X  
iptables -t raw -F  
iptables -t raw -X

2. Save iptables configuration if applicable:

service iptables save  # or equivalent on your system

3. Verify iptables rules are flushed:

iptables -L -v -n

Backout Plan:

Using Linux command line:

1. Restore iptables rules from backup if required:

service iptables restore  # or load saved rules

2. Verify firewall status and connectivity.

References:

CIS Amazon Linux 2 Benchmark v3.0.0
iptables Documentation
nftables Migration Guide

Ensure iptables Rules Are Flushed When Using nftables Print

Test Plan:

Implementation Plan:

Backout Plan:

Related Articles