
4.4.1.2 Ensure nftables is not in use with iptables

Audit

Run the following command to verify that nftables is not installed:

# dpkg-query -s nftables &>/dev/null && echo "nftables is installed"
Nothing should be returned

- OR - Run the following command to verify nftables.service is not enabled:

# systemctl is-enabled nftables.service 2>/dev/null | grep '^enabled'
Nothing should be returned

Run the following command to verify nftables.service is not active:

# systemctl is-active nftables.service 2>/dev/null | grep '^active'
Nothing should be returned
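The three audit commands above combine into one pass/fail rule: the control passes when nftables is not installed, or when nftables.service is neither enabled nor active. The script below is an added example, not part of the CIS benchmark text; it wraps the benchmark's own commands in small functions and keeps the decision logic separate so the rule can be checked without a live dpkg or systemd. The function names (nftables_rule_pass, audit_4_4_1_2, and the three gatherers) are this example's own choices.

```shell
#!/bin/sh
# Added example for CIS 4.4.1.2 (not benchmark-provided code).
# Pass rule: NOT installed, OR (NOT enabled AND NOT active).

# Pure decision function: arguments are installed, enabled, active, each yes|no.
# Returns 0 when the control passes, 1 when it fails.
nftables_rule_pass() {
    installed="$1"; enabled="$2"; active="$3"
    if [ "$installed" = "no" ]; then
        return 0
    fi
    if [ "$enabled" = "no" ] && [ "$active" = "no" ]; then
        return 0
    fi
    return 1
}

# Gatherers run the benchmark's commands on the live system.
# If the tool itself is missing (no dpkg/systemd on this host) the fact is
# reported as "no", which is the conservative reading for an absence check.
nftables_installed() {
    command -v dpkg-query >/dev/null 2>&1 || { echo no; return; }
    if dpkg-query -s nftables >/dev/null 2>&1; then echo yes; else echo no; fi
}

nftables_enabled() {
    command -v systemctl >/dev/null 2>&1 || { echo no; return; }
    if systemctl is-enabled nftables.service 2>/dev/null | grep -q '^enabled'; then
        echo yes
    else
        echo no
    fi
}

nftables_active() {
    command -v systemctl >/dev/null 2>&1 || { echo no; return; }
    if systemctl is-active nftables.service 2>/dev/null | grep -q '^active'; then
        echo yes
    else
        echo no
    fi
}

# Top-level audit: prints one verdict line and returns 0 (pass) or 1 (fail),
# so it can be dropped into a larger compliance run.
audit_4_4_1_2() {
    i=$(nftables_installed); e=$(nftables_enabled); a=$(nftables_active)
    if nftables_rule_pass "$i" "$e" "$a"; then
        echo "PASS 4.4.1.2: installed=$i enabled=$e active=$a"
        return 0
    fi
    echo "FAIL 4.4.1.2: installed=$i enabled=$e active=$a"
    return 1
}

# Run the audit when executed directly (sourcing the file only defines the functions).
case "$0" in
    *cis_4412*) audit_4_4_1_2 ;;
esac
```

Note that dpkg-query -s still exits 0 for a package that was removed but whose configuration files remain, which is why the remediation below uses apt purge rather than apt remove: only after a purge does the package leave the dpkg status database and the installed check come back clean.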

Remediation

Run the following command to remove nftables:

# apt purge nftables

- OR - Run the following commands to stop and mask nftables.service:

# systemctl stop nftables.service
# systemctl mask nftables.service