iCompaas Support

Profile Applicability:
 • Level 1

Description:
 The ip6tables service manages IPv6 firewall rules on Linux systems. Ensuring that the ip6tables service is enabled and actively running guarantees consistent enforcement of IPv6 firewall policies across system reboots, protecting the system from unauthorized IPv6 network traffic.

Rationale:
 Enabling and running the ip6tables service ensures continuous protection and application of security policies for IPv6 traffic.

Impact:
 Pros:

• Provides persistent IPv6 firewall enforcement.
  

• Supports secure network communication management.
  

Cons:

• Requires appropriate firewall rule configuration to be effective.
  

Default Value:
 The ip6tables service may be installed but not enabled or running by default on some systems.

Pre-requisites:

• Root or sudo privileges to manage system services.
  

Remediation:

Test Plan:

Using Linux command line:

1. Check if ip6tables service is enabled:

systemctl is-enabled ip6tables

2. Check if ip6tables service is active:

systemctl is-active ip6tables

Implementation Plan:

Using Linux command line:

1. Enable the ip6tables service:

systemctl enable ip6tables

2. Start the ip6tables service:

systemctl start ip6tables

3. Verify the service status:

systemctl is-enabled ip6tables  
systemctl is-active ip6tables

Backout Plan:

Using Linux command line:

1. Disable the ip6tables service if necessary:

systemctl disable ip6tables

2. Stop the ip6tables service:

systemctl stop ip6tables

3.Verify the service status.

References:

• CIS Amazon Linux 2 Benchmark v3.0.0
  

• ip6tables Documentation
  

• Systemd Service Management