{"description": "Tables in nftables hold chains. Each table only has one address family and only applies\nto packets of this family. Tables can have one of six families.", "rationale": "Nftables doesn't have any default tables. Without a table being built, nftables will not\nfilter network traffic.", "severity": "medium", "references": {"cis": ["4.2.4"]}, "control_references": {"cis": ["4.2.4"]}, "components": [], "identifiers": {}, "ocil_clause": "a nftables table does not exist", "ocil": "To verify that a nftables table exists, run the following command:\n$ sudo nft list tables
\nOutput should include a list of nftables similar to:\n\n table \n", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [{"general": "Adding or editing rules in a running nftables can cause loss of connectivity to the system."}, {"general": "Both the SCE check and remediation for this rule only consider runtime settings.\nThere is no specific file to check as it depends on each site's policy. Therefore, check\nand remediation use the nft command directly. The fix is not persistent across system\nreboots."}, {"functionality": "SCE check does not support variables, therefore the SCE check in this rule only checks the\naddress family, regardless of the table name."}], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "package[nftables]", "platforms": ["package[nftables]"], "sce_metadata": {"platform": ["multi_platform_rhel", "multi_platform_ubuntu"], "check-import": "stdout", "environment": "any", "filename": "set_nftables_table.sh", "relative_path": "ubuntu2204/checks/sce/set_nftables_table.sh"}, "inherited_platforms": [], "cpe_platform_names": ["package_nftables"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Ensure a Table Exists for Nftables", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/network/network-nftables/set_nftables_table/rule.yml", "template": null}