
4.4.2.3 Ensure iptables outbound and established connections are configured

Audit

Run the following command and verify that all rules for new outbound and established connections match site policy:

# iptables -L -v -n

Remediation

Configure iptables in accordance with site policy. The following commands will implement a policy to allow all outbound connections and all established connections:

# iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -p udp -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
# iptables -A INPUT -p udp -m state --state ESTABLISHED -j ACCEPT
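The audit step above leaves the comparison to the reader; the following script, added here as an example and not part of the CIS benchmark, performs it mechanically by reading an `iptables -S` listing (chosen over `-L -v -n` because `-S` prints rules in the same syntax the remediation uses) and reporting which of the four remediation rules are missing. It assumes that a listing may print the legacy `state` match in its `conntrack` spelling, and it embeds a constructed sample listing so it runs without root or a live firewall.

```shell
#!/bin/sh
# Added audit helper (not part of the CIS benchmark): reads an `iptables -S`
# listing on stdin, reports each remediation rule as present or MISSING,
# and exits with the number of missing rules (0 = matches the remediation).

# The four rules exactly as the remediation adds them, in `iptables -S` syntax.
REQUIRED_RULES='-A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p udp -m state --state ESTABLISHED -j ACCEPT'

# Assumption: some iptables builds print the legacy state match as the
# equivalent conntrack match, so both spellings are folded to one form.
normalize() {
    sed -e 's/-m state --state/-m conntrack --ctstate/' \
        -e 's/[[:space:]][[:space:]]*/ /g'
}

check_outbound_established() {
    listing=$(normalize)        # the rule listing arrives on stdin
    required=$(printf '%s\n' "$REQUIRED_RULES" | normalize)
    missing=0
    while IFS= read -r rule; do
        if printf '%s\n' "$listing" | grep -Fxq -e "$rule"; then
            echo "present: $rule"
        else
            echo "MISSING: $rule"
            missing=$((missing + 1))
        fi
    done <<EOF
$required
EOF
    return "$missing"
}

# Constructed sample listing (not captured from a real host): drop policies,
# an SSH rule, and the four remediation rules, one in conntrack spelling.
SAMPLE_COMPLIANT='-P INPUT DROP
-P OUTPUT DROP
-A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p udp -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT'
# The same host without the udp INPUT rule: the audit must flag it.
SAMPLE_INCOMPLETE=$(printf '%s\n' "$SAMPLE_COMPLIANT" | grep -v 'INPUT -p udp')
# On a real host replace the sample with:  iptables -S | check_outbound_established
printf '%s\n' "$SAMPLE_INCOMPLETE" | check_outbound_established \
    || echo "audit failed: $? rule(s) missing"
```

The check is order-independent and ignores unrelated rules, so a site-specific ruleset that contains the four rules among others still passes.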