Describe the bug
We have some IPv6-only hosts. This host has only a few IPv4 iptables rules. We only allow localhost traffic and all other traffic is blocked.
But we have multiple rules in ip6tables.
Lynis reported that the host has an empty ruleset, which is wrong.
It looks like Lynis doesn't check iptables rules for IPv6.
Version
- Distribution Debian 13
- Lynis version 3.1.6
Expected behavior
The check should not complain about an empty ruleset if there are many IPv6 rules loaded.
Output
If applicable, add output that you get from the tool or the related section of lynis.log
plugin_enabled_phase1[]=firewalls|1.0.7|
plugin_firewall_iptables_filter=base64:LVAgSU5QVVQgQUNDRVBUCi1QIEZPUldBUkQgQUNDRVBUCi1QIE9VVFBVVCBBQ0NFUFQKLUEgSU5QVVQgLXMgMTkyLjE2OC4yMDAuMC8yNCAtaSBlbm84NDAzIC1wIHRjcCAtbSBtdWx0aXBvcnQgLS1zcG9ydHMgMjIsODAsNDQzIC1tIHN0YXRlIC0tc3RhdGUgUkVMQVRFRCxFU1RBQkxJU0hFRCAtaiBBQ0NFUFQKLUEgSU5QVVQgLWkgZW5vODQwMyAtaiBEUk9QCi1BIE9VVFBVVCAtZCAxOTIuMTY4LjIwMC4wLzI0IC1vIGVubzg0MDMgLXAgdGNwIC1tIG11bHRpcG9ydCAtLWRwb3J0cyAyMiw4MCw0NDMgLW0gc3RhdGUgLS1zdGF0ZSBORVcsUkVMQVRFRCxFU1RBQkxJU0hFRCAtaiBBQ0NFUFQKLUEgT1VUUFVUIC1vIGVubzg0MDMgLWogRFJPUAo=
plugin_firewall_iptables_mangle=base64:LVAgUFJFUk9VVElORyBBQ0NFUFQKLVAgSU5QVVQgQUNDRVBUCi1QIEZPUldBUkQgQUNDRVBUCi1QIE9VVFBVVCBBQ0NFUFQKLVAgUE9TVFJPVVRJTkcgQUNDRVBUCg==
plugin_firewall_iptables_nat=base64:LVAgUFJFUk9VVElORyBBQ0NFUFQKLVAgSU5QVVQgQUNDRVBUCi1QIE9VVFBVVCBBQ0NFUFQKLVAgUE9TVFJPVVRJTkcgQUNDRVBUCg==
plugin_firewall_iptables_raw=base64:LVAgUFJFUk9VVElORyBBQ0NFUFQKLVAgT1VUUFVUIEFDQ0VQVAo=
plugin_firewall_iptables_security=base64:LVAgSU5QVVQgQUNDRVBUCi1QIEZPUldBUkQgQUNDRVBUCi1QIE9VVFBVVCBBQ0NFUFQK
firewall_software[]=iptables
firewall_software[]=nftables
firewall_no_logging[]=iptables
manual[]=Verify if there is a formal process for testing and applying firewall rules
firewall_active=1
firewall_empty_ruleset=1
firewall_installed=1
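An added example, not part of the original report and not Lynis code: a sketch of an empty-ruleset check that reads both address families instead of IPv4 alone. The `iptables -S` / `ip6tables -S` style listings are constructed samples, and the function names and the `min_rules` threshold are assumptions.

```python
# Constructed sample listings in `iptables -S` / `ip6tables -S` format.
IPV4_LISTING = """\
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
"""
IPV6_LISTING = """\
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
"""
# Constructed: a family with no rules and default ACCEPT policies.
OPEN_LISTING = "-P INPUT ACCEPT\n-P FORWARD ACCEPT\n-P OUTPUT ACCEPT\n"


def summarize(listing):
    """Collect chain policies and count '-A' rules in one family's listing."""
    policies, rules = {}, 0
    for line in listing.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "-P":
            policies[parts[1]] = parts[2]
        elif len(parts) >= 2 and parts[0] == "-A":
            rules += 1
    return {"rules": rules, "policies": policies}


def assess(listings, min_rules=5):
    """listings maps a family name to its listing text.

    min_rules is an assumed threshold. The ruleset counts as empty only when
    the rules of all families together stay below it; a family with no rules
    and only ACCEPT policies is reported separately as unfiltered.
    """
    families = {name: summarize(text) for name, text in listings.items()}
    total = sum(f["rules"] for f in families.values())
    unfiltered = sorted(
        name for name, f in families.items()
        if f["rules"] == 0 and all(p == "ACCEPT" for p in f["policies"].values())
    )
    return {"total_rules": total, "empty_ruleset": total < min_rules,
            "unfiltered_families": unfiltered, "families": families}
```

Reporting unfiltered families separately keeps the opposite case visible: a host with a full IPv6 ruleset whose IPv4 side is left wide open still gets a finding.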