{"description": "nftables is a replacement for iptables, ip6tables, ebtables and arptables", "rationale": "It is possible to mix iptables and nftables. However, this increases complexity\nand also the chance of introducing errors. For simplicity, flush out all iptables\nrules, and ensure it is not loaded.", "severity": "medium", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "Your system is configured to use nftables, but iptables rules exist on it", "ocil": "To verify that no iptables rules exist on your system, and that no rules are returned,\nrun the following command:\n<pre>$ sudo iptables -L</pre>\nand/or to verify that no ip6tables rules exist on your system, and that no rules are\nreturned, run:\n<pre>$ sudo ip6tables -L</pre>\nTo flush iptables, run the following command:\n<pre>$ sudo iptables -F</pre>\nand/or to flush ip6tables, run:\n<pre>$ sudo ip6tables -F</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "package[iptables]", "platforms": ["package[iptables]"], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": ["package_iptables"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Ensure iptables are flushed", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/network/network-iptables/ensure_iptables_are_flushed/rule.yml", "template": null}