Profile Applicability:
• Level 1
Description:
By default, iptables rules exist only in memory and are lost after a system reboot. Ensuring that iptables rules are saved and restored on boot maintains firewall policies consistently and protects the system from unauthorized network traffic.
Rationale:
Saving iptables rules prevents accidental removal of firewall configurations after reboot, ensuring continuous enforcement of security policies.
Impact:
Pros:
Maintains firewall rule consistency across system reboots.
Enhances system security by avoiding unprotected states.
Cons:
Requires proper rule management and backups.
Default Value:
iptables rules are not saved permanently by default unless explicitly configured.
Pre-requisites:
Root or sudo privileges to manage firewall rules and system services.
Remediation:
Test Plan:
Using Linux command line:
1. Check if iptables rules are saved in configuration files, commonly /etc/sysconfig/iptables or /etc/iptables/rules.v4:
cat /etc/sysconfig/iptables
cat /etc/iptables/rules.v4
2. Confirm that the saved rules file exists and contains the expected rules.
Implementation Plan:
Using Linux command line:
1. Save current iptables rules to the configuration file:
On RPM-based systems:
service iptables save
2. Enable and start the iptables service to restore rules on boot:
systemctl enable iptables
systemctl start iptables
3. Verify the service is enabled and running:
systemctl status iptables
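The test plan and the implementation plan above, as an added POSIX shell example that is not part of the benchmark text. It assumes the saved rules are in iptables-save format (a table header such as *filter, rule lines beginning with -A, and one COMMIT per table) and uses the two file locations named in the test plan; the function names (check_rules_file, audit_persisted_rules, save_rules_to, unit_enabled) are this example's own. The save step is a stricter variant of "service iptables save": it validates the dump before replacing the rules file, so a failed or empty dump cannot leave the host with a file that restores no policy on boot.

```shell
#!/bin/sh
# Added example, not part of the benchmark text. Audit helper for the test plan
# (is a valid rules file present?) plus a validated form of the save step.
# Assumptions: saved rules use iptables-save format (table header such as "*filter",
# rule lines beginning with "-A", a closing "COMMIT" per table); the two paths below
# are the RPM-based and Debian-based locations named in the test plan.

RPM_RULES=/etc/sysconfig/iptables
DEB_RULES=/etc/iptables/rules.v4

# check_rules_file FILE
# Returns 0 only if FILE exists, is non-empty, has one COMMIT per table header,
# and contains at least one rule. An empty or truncated file counts as "saved"
# on disk but restores no policy on boot, which is the state this control guards against.
check_rules_file() {
    f="$1"
    [ -f "$f" ] || { echo "MISSING: $f"; return 1; }
    [ -s "$f" ] || { echo "EMPTY: $f"; return 1; }
    # "|| true" keeps grep's exit status 1 (no matches) from aborting under set -e
    tables=$(grep -c '^\*' "$f" || true)
    commits=$(grep -c '^COMMIT' "$f" || true)
    rules=$(grep -c '^-A ' "$f" || true)
    if [ "$tables" -eq 0 ] || [ "$tables" -ne "$commits" ]; then
        echo "MALFORMED: $f ($tables table headers, $commits COMMIT lines)"
        return 1
    fi
    [ "$rules" -gt 0 ] || { echo "NO RULES: $f has tables but no -A lines"; return 1; }
    echo "OK: $f ($tables tables, $rules rules)"
}

# audit_persisted_rules [FILE...]
# Test plan check: succeed if at least one candidate file is a valid rules dump.
# With no arguments, the two default locations are checked.
audit_persisted_rules() {
    [ $# -gt 0 ] || set -- "$RPM_RULES" "$DEB_RULES"
    for f in "$@"; do
        check_rules_file "$f" && return 0
    done
    return 1
}

# save_rules_to FILE
# Validated form of the save step: dump the running ruleset to a temporary file,
# check it, then replace FILE atomically so a failed dump never leaves an empty or
# half-written rules file in place. Needs root and the iptables-save binary.
save_rules_to() {
    dest="$1"
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    if iptables-save > "$tmp" && check_rules_file "$tmp"; then
        chmod 0600 "$tmp" && mv -f "$tmp" "$dest"
    else
        rm -f "$tmp"
        echo "save aborted: running ruleset did not produce a valid dump" >&2
        return 1
    fi
}

# unit_enabled UNIT
# Step 3 of the implementation plan in scriptable form: 0 only if UNIT is enabled.
unit_enabled() {
    systemctl is-enabled "$1" >/dev/null 2>&1
}

# Usage on a live host (needs root):
#   save_rules_to "$RPM_RULES" && audit_persisted_rules && unit_enabled iptables
```

check_rules_file and audit_persisted_rules run unprivileged and can be dropped into a compliance scan as the audit for this control; save_rules_to and unit_enabled are the remediation and verification steps and need root.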
Backout Plan:
Using Linux command line:
1. Disable iptables service if necessary:
systemctl disable iptables
systemctl stop iptables
2. Backup or remove saved rules files if needed.
References:
CIS Amazon Linux 2 Benchmark v3.0.0
iptables Documentation
Systemd Service Management