Skip to content

3.5.3.2.1 Ensure iptables default deny firewall policy

Audit#

Run the following command and verify that the policy for the INPUT, OUTPUT, and FORWARD chains is DROP or REJECT: 

# iptables -L
Chain INPUT (policy DROP)
Chain FORWARD (policy DROP)
Chain OUTPUT (policy DROP)

Remediation#

Run the following commands to implement a default DROP policy: 

# iptables -P INPUT DROP
# iptables -P OUTPUT DROP
# iptables -P FORWARD DROP