Profile Applicability:
• Level 1
Description:
The nftables service loads the system's nftables ruleset from its configuration file at boot (on Red Hat-derived systems such as Amazon Linux 2, typically /etc/sysconfig/nftables.conf) so that packet-filtering rules are in place before the host starts accepting network traffic. Ensuring that the service is enabled and active means the configured firewall policy is applied consistently across reboots rather than only for the current session.
Rationale:
Enabling and running the nftables service ensures that the configured firewall rules are applied at every boot, so the host does not come up with an empty ruleset and accept unauthorized network connections until someone loads rules by hand.
Impact:
Pros:
Firewall rules persist across reboots and are applied before services begin accepting connections.
Supports dynamic rule management (atomic ruleset updates with the nft tool) and a consistent security posture.
Cons:
Requires a populated, correct ruleset to be effective; an enabled service that loads an empty ruleset filters nothing.
Only one firewall manager should be active: if firewalld or the iptables services are also enabled, they compete for the same netfilter hooks and the effective policy becomes unpredictable.
Default Value:
The nftables service may be installed but not enabled or running by default.
Pre-requisites:
Root or sudo privileges to manage system services.
Remediation:
Test Plan:
Using Linux command line:
1. Check that the nftables service is enabled (expected output: enabled):
systemctl is-enabled nftables
2. Check that the nftables service is active (expected output: active):
systemctl is-active nftables
Note: nftables.service is normally a oneshot unit with RemainAfterExit=yes, so systemctl status shows it as "active (exited)" rather than "running"; is-active still prints "active", which is the passing result.
Implementation Plan:
Using Linux command line:
1. Enable the nftables service:
systemctl enable nftables
2. Start the nftables service:
systemctl start nftables
3. Verify the service status:
systemctl is-enabled nftables
systemctl is-active nftables
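The following script ties the test plan and implementation plan together into one audit/remediate helper. It is an added example, not part of the CIS benchmark or the nftables project. It assumes a systemd host with the nft CLI installed; the SYSTEMCTL and NFT variables are hypothetical override hooks so the decision logic can be exercised against fake commands without touching a live firewall, and the list of conflicting units (firewalld, iptables, ip6tables) is an assumption about which other firewall managers are commonly present. Beyond the two systemctl checks on the page, it also verifies that the loaded kernel ruleset is non-empty, since an enabled service that loads no rules filters nothing.

```shell
#!/bin/sh
# Audit and remediation helper for "Ensure nftables service is enabled and running".
# Added example, not from the CIS benchmark. Assumes a systemd host with the nft CLI.
# SYSTEMCTL and NFT are hypothetical override hooks so the logic can be exercised
# against fake commands (e.g. in a test) without touching a live firewall.
SYSTEMCTL="${SYSTEMCTL:-systemctl}"
NFT="${NFT:-nft}"

# Pure policy decision, separated from command execution so it can be checked offline.
#   $1 = output of "systemctl is-enabled nftables"   (enabled, disabled, masked, ...)
#   $2 = output of "systemctl is-active nftables"    (active, inactive, failed, ...)
#   $3 = number of non-empty lines in "nft list ruleset"
#   $4 = space-separated list of other firewall units that are also enabled
# Prints findings; returns 0 only when the control passes.
assess_nftables() {
    enabled="$1"; active="$2"; rules="$3"; conflicts="$4"
    rc=0
    [ "$enabled" = enabled ] || { echo "FAIL: nftables.service is-enabled=$enabled"; rc=1; }
    # nftables.service is normally Type=oneshot with RemainAfterExit=yes, so the
    # healthy state is "active" (shown as "active (exited)"), never "running".
    [ "$active" = active ] || { echo "FAIL: nftables.service is-active=$active"; rc=1; }
    # An enabled service that loads an empty ruleset enforces nothing.
    [ "$rules" -gt 0 ] || { echo "FAIL: kernel ruleset is empty; the service is loading no rules"; rc=1; }
    # Two firewall managers enabled at once fight over the same netfilter hooks.
    [ -z "$conflicts" ] || echo "WARN: other firewall units are also enabled: $conflicts"
    [ "$rc" -eq 0 ] && echo "PASS: nftables enabled, active, ruleset has $rules line(s)"
    return "$rc"
}

# Gather live state from systemctl and nft, then hand it to assess_nftables.
collect_and_assess() {
    enabled=$("$SYSTEMCTL" is-enabled nftables 2>/dev/null || true)
    active=$("$SYSTEMCTL" is-active nftables 2>/dev/null || true)
    rules=$("$NFT" list ruleset 2>/dev/null | grep -c .) || true
    conflicts=""
    for unit in firewalld iptables ip6tables; do
        if [ "$("$SYSTEMCTL" is-enabled "$unit" 2>/dev/null)" = enabled ]; then
            conflicts="$conflicts $unit"
        fi
    done
    assess_nftables "${enabled:-unknown}" "${active:-unknown}" "${rules:-0}" "${conflicts# }"
}

case "${1:-}" in
    audit) collect_and_assess ;;
    fix)
        # Mirrors the implementation plan. enable and start are kept separate because
        # "systemctl enable --now" needs systemd >= 220, newer than Amazon Linux 2 ships.
        "$SYSTEMCTL" enable nftables
        "$SYSTEMCTL" start nftables
        collect_and_assess ;;
    *) echo "usage: $0 audit|fix" >&2 ;;
esac
```

Run it as `sh nftables-check.sh audit` to report, or `sudo sh nftables-check.sh fix` to enable and start the service and re-run the checks; a non-zero exit code means the control fails. The ruleset check is a floor, not proof of a good policy: a ruleset with tables but no base chain with a drop policy still passes this script and should be reviewed separately.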
Backout Plan:
Using Linux command line:
1. Disable the nftables service if needed:
systemctl disable nftables
2. Stop the nftables service:
systemctl stop nftables
3. Verify the service status with systemctl is-enabled nftables and systemctl is-active nftables (expected after backout: disabled and inactive). Note that disabling nftables without enabling a replacement firewall manager leaves the host unfiltered after the next reboot.
References:
CIS Amazon Linux 2 Benchmark v3.0.0
nftables Documentation
Systemd Service Management