Enable the ip6tables service as necessary.


CONTROL ID: 04947
CONTROL TYPE: Configuration
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Disable all unnecessary services unless otherwise noted in a policy exception. (CC ID: 00880)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • Ensure ip6tables firewall rules exist for all open ports Description: Any ports that have been opened on non-loopback addresses need firewall rules to govern traffic. Rationale: Without a firewall rule configured for open ports default firewall policy will drop all packets to these ports. **Note:** … (3.5.3.3.3, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 1)
  • Ensure ip6tables is enabled and running Description: `ip6tables.service` is a utility for configuring and maintaining `ip6tables`. Rationale: `ip6tables.service` will load the iptables rules saved in the file `/etc/sysconfig/ip6tables` at boot, otherwise the ip6tables rules will be cleared during a … (3.5.3.3.6, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 1)
  • Ensure ip6tables firewall rules exist for all open ports Description: Any ports that have been opened on non-loopback addresses need firewall rules to govern traffic. Rationale: Without a firewall rule configured for open ports default firewall policy will drop all packets to these ports. **Note:** … (3.5.3.3.3, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 2)
  • Ensure ip6tables is enabled and running Description: `ip6tables.service` is a utility for configuring and maintaining `ip6tables`. Rationale: `ip6tables.service` will load the iptables rules saved in the file `/etc/sysconfig/ip6tables` at boot, otherwise the ip6tables rules will be cleared during a … (3.5.3.3.6, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 2)
  • Title: Enable IP6tables Description: IP6tables is an application that allows a system administrator to configure the IPv6 tables, chains and rules provided by the Linux kernel firewall. Rationale: IP6tables provides extra protection for the Linux system by limiting communications in and out of… (Rule:xccdf_org.cisecurity.benchmarks_rule_4.8_Enable_IP6tables, The Center for Internet Security Red Hat Enterprise Linux 6 Level 1 Benchmark, 1.2.0)
  • Title: Enable IP6tables Description: IP6tables is an application that allows a system administrator to configure the IPv6 tables, chains and rules provided by the Linux kernel firewall. Rationale: IP6tables provides extra protection for the Linux system by limiting communications in and out of… (Rule:xccdf_org.cisecurity.benchmarks_rule_4.8_Enable_IP6tables, The Center for Internet Security Red Hat Enterprise Linux 6 Level 2 Benchmark, 1.2.0)
  • Ensure ip6tables is enabled and active Description: `ip6tables.service` is a utility for configuring and maintaining `ip6tables`. Rationale: `ip6tables.service` will load the iptables rules saved in the file `/etc/sysconfig/ip6tables` at boot, otherwise the ip6tables rules will be cleared during a r… (3.4.4.2.5, CIS Oracle Linux 8 Benchmark, Server Level 1, v1.0.1)
  • Ensure ip6tables firewall rules exist for all open ports Description: Any ports that have been opened on non-loopback addresses need firewall rules to govern traffic. Rationale: Without a firewall rule configured for open ports default firewall policy will drop all packets to these ports. Remediatio… (3.4.4.2.4, CIS Oracle Linux 8 Benchmark, Server Level 1, v1.0.1)
  • Ensure ip6tables is enabled and active Description: `ip6tables.service` is a utility for configuring and maintaining `ip6tables`. Rationale: `ip6tables.service` will load the iptables rules saved in the file `/etc/sysconfig/ip6tables` at boot, otherwise the ip6tables rules will be cleared during a r… (3.4.4.2.5, CIS Oracle Linux 8 Benchmark, Server Level 2, v1.0.1)
  • Ensure ip6tables firewall rules exist for all open ports Description: Any ports that have been opened on non-loopback addresses need firewall rules to govern traffic. Rationale: Without a firewall rule configured for open ports default firewall policy will drop all packets to these ports. Remediatio… (3.4.4.2.4, CIS Oracle Linux 8 Benchmark, Server Level 2, v1.0.1)
  • The ip6tables service should be enabled or disabled as appropriate. Technical Mechanisms: via chkconfig Parameters: enabled / disabled References: Section: 2.5.5.1, Value: enabled CCE-U-203 (CCE-4167-3, Common Configuration Enumeration List, Combined XML: Red Hat Enterprise Linux 5, 5.20130214)