3.5.3.2.2 Ensure iptables loopback traffic is configured

Audit

Run the following commands and verify output includes the listed rules in order (packet and byte counts may differ):

# iptables -L INPUT -v -n
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
 0 0 DROP all -- * * 127.0.0.0/8 0.0.0.0/0

# iptables -L OUTPUT -v -n
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
 0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0

Remediation

Run the following commands to implement the loopback rules:

# iptables -A INPUT -i lo -j ACCEPT
# iptables -A OUTPUT -o lo -j ACCEPT
# iptables -A INPUT -s 127.0.0.0/8 -j DROP
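The audit above is a visual comparison; the script below is an added example (not part of the benchmark text) that performs the same check mechanically. It takes the text of `iptables -L INPUT -v -n` and `iptables -L OUTPUT -v -n` as arguments, squeezes the counter columns, and verifies that the lo ACCEPT rule precedes the 127.0.0.0/8 DROP rule in INPUT and that the lo ACCEPT rule is present in OUTPUT. The function names, the constructed sample listings and the tolerance for the prot column reading either `all` or `0` (seen across iptables versions) are ours, not the benchmark's.

```shell
#!/bin/sh
# Added example: offline audit helper for the loopback rules of this benchmark
# item. Function names (line_of, check_input_rules, check_output_rules, report)
# and the SAMPLE_* listings are constructed for illustration.
# On a live host:  check_input_rules "$(iptables -L INPUT -v -n)"
#                  check_output_rules "$(iptables -L OUTPUT -v -n)"

# line_of PATTERN LISTING -> prints the 1-based line number of the first line
# of LISTING matching extended regex PATTERN, or nothing if absent. Runs of
# spaces are squeezed so counter column widths do not matter.
line_of() {
    printf '%s\n' "$2" | tr -s ' ' | grep -nE "$1" | head -n 1 | cut -d: -f1
}

# INPUT chain: the ACCEPT on lo must come before the DROP of 127.0.0.0/8.
# If the DROP came first, loopback traffic from 127.x sources would be dropped
# before ever reaching the ACCEPT, so order is part of the check.
check_input_rules() {
    ci_accept=$(line_of 'ACCEPT (all|0) -- lo \* 0\.0\.0\.0/0 0\.0\.0\.0/0' "$1")
    ci_drop=$(line_of 'DROP (all|0) -- \* \* 127\.0\.0\.0/8 0\.0\.0\.0/0' "$1")
    if [ -n "$ci_accept" ] && [ -n "$ci_drop" ] && [ "$ci_accept" -lt "$ci_drop" ]; then
        return 0
    fi
    return 1
}

# OUTPUT chain: only the ACCEPT of traffic leaving via lo is required.
check_output_rules() {
    co_accept=$(line_of 'ACCEPT (all|0) -- \* lo 0\.0\.0\.0/0 0\.0\.0\.0/0' "$1")
    if [ -n "$co_accept" ]; then
        return 0
    fi
    return 1
}

# Constructed listings mirroring the benchmark's expected output (compliant).
SAMPLE_INPUT_OK='Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       127.0.0.0/8          0.0.0.0/0'

SAMPLE_OUTPUT_OK='Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0'

# Constructed listing for a misconfigured host: same two rules, wrong order.
SAMPLE_INPUT_REVERSED='Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       127.0.0.0/8          0.0.0.0/0
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0'

# Self-check against the constructed samples: the compliant listings must pass
# and the reversed listing must be rejected.
report() {
    if check_input_rules "$SAMPLE_INPUT_OK" \
       && check_output_rules "$SAMPLE_OUTPUT_OK" \
       && ! check_input_rules "$SAMPLE_INPUT_REVERSED"; then
        echo "PASS: compliant listings accepted, reversed INPUT listing rejected"
        return 0
    fi
    echo "FAIL: loopback rule check did not behave as expected"
    return 1
}

report
```

The reversed sample shows why the benchmark asks for the rules "in order": with the DROP first, packets from 127.0.0.0/8 arriving on lo would be discarded before the lo ACCEPT is consulted, which is exactly the breakage the remediation's append order avoids.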