documentation_complete: true


platform: system_with_kernel and not rhcos4-rhel9 and service_disabled[nftables] and service_disabled[ufw]

title: 'Install iptables Package'

description: |-
    {{{ describe_package_install(package="iptables") }}}

rationale: |-
    <tt>iptables</tt> controls the Linux kernel network packet filtering
    code. <tt>iptables</tt> allows system operators to set up firewalls and IP
    masquerading, etc.

severity: medium

identifiers:
    cce@rhcos4: CCE-82522-4
    cce@rhel8: CCE-82982-0
    cce@sle12: CCE-91549-6
    cce@sle15: CCE-91244-4
    cce@slmicro5: CCE-94006-4

references:
    cis@sle12: 3.5.1.1
    cis@sle15: 3.5.3.1.1
    nist: CM-6(a)
    pcidss: Req-1.4.1
    srg: SRG-OS-000480-GPOS-00227

ocil_clause: 'the package is not installed'

ocil: '{{{ ocil_package(package="iptables") }}}'

{{%- if product in [ "sle12", "sle15" ] or 'ubuntu' in product %}}
template:
    name: package_installed_guard_var
    vars:
        pkgname: iptables
        variable: var_network_filtering_service
        value: iptables
{{%- else %}}
template:
    name: package_installed
    vars:
        pkgname: iptables
{{%- endif %}}