File: rule.yml

scap-security-guide 0.1.78-1
documentation_complete: true


title: 'Ensure Only One Firewall Service is Active'

description: |-
    The system must have exactly one active firewall service running to avoid conflicts
    and ensure consistent packet filtering. Only one of the following services should
    be enabled and active at any time:
    <ul>
        <li>ufw - Uncomplicated Firewall (Ubuntu/Debian default)</li>
        <li>iptables - Classic Linux firewall</li>
        <li>nftables - Next Generation Firewall replacement for iptables</li>
    </ul>
    Having zero active firewalls leaves the system vulnerable, while having multiple
    active firewalls can lead to rule conflicts and security gaps.

rationale: |-
    Running multiple firewall services simultaneously can lead to conflicts in rule
    processing, unpredictable behavior, and potential security gaps. A single
    firewall service ensures consistent and predictable packet filtering.
    
    Having no active firewall service leaves the system exposed to network-based
    attacks and unauthorized access.

severity: medium

platform: machine

warnings:
    - general: |-
        This rule does not come with a remediation. There are specific rules
        for enabling each firewall which should be enabled instead.
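
The condition this rule describes, as an added shell example that is not part of scap-security-guide: it lists which of ufw, iptables and nftables are active and passes only when exactly one is. It assumes each firewall runs as a systemd unit of the same name; the function names and the FW_IS_ACTIVE override are hypothetical.

```shell
#!/bin/sh
# Added example, not the project's own check.
# Assumption: each firewall named in the rule is a systemd unit of the same name.
FIREWALL_SERVICES="ufw iptables nftables"

# Return 0 if the named service is active.
# FW_IS_ACTIVE (hypothetical) may name a replacement probe for offline testing.
fw_is_active() {
    if [ -n "${FW_IS_ACTIVE:-}" ]; then
        "$FW_IS_ACTIVE" "$1"
    else
        systemctl is-active --quiet "$1" 2>/dev/null
    fi
}

# Print the active firewall services, space separated (empty line if none).
active_firewalls() {
    active=""
    for svc in $FIREWALL_SERVICES; do
        if fw_is_active "$svc"; then
            active="${active:+$active }$svc"
        fi
    done
    printf '%s\n' "$active"
}

# Print a verdict and return 0 only when exactly one firewall is active.
check_single_firewall() {
    active=$(active_firewalls)
    # Word-split the list into positional parameters to count the entries.
    set -- $active
    case $# in
        0) echo "FAIL: no firewall service is active"; return 1 ;;
        1) echo "PASS: only $1 is active"; return 0 ;;
        *) echo "FAIL: multiple firewall services are active: $active"; return 1 ;;
    esac
}

# Usage: source this file, then run check_single_firewall
```

Both failure cases are reported separately because the fix differs: zero active firewalls means enabling one, while several active means disabling all but one.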