--- RHEL6/input/system/network/iptables.xml | 1 + 1 file changed, 1 insertion(+)
diff --git a/RHEL6/input/system/network/iptables.xml b/RHEL6/input/system/network/iptables.xml index 2f94450..3088001 100644 --- a/RHEL6/input/system/network/iptables.xml +++ b/RHEL6/input/system/network/iptables.xml @@ -122,6 +122,7 @@ add or correct the following line in </description> <ocil clause="the default policy for the INPUT chain isn't set to DROP">Inspect the file <tt>/etc/sysconfig/iptables</tt> to determine the default policy for the INPUT chain. It should be set to DROP. +<tt> # grep ":INPUT" /etc/sysconfig/iptables</tt> </ocil> <rationale>In <tt>iptables</tt> the default policy is applied only after all the applicable rules in the table are examined for a match. Setting the -- 1.8.0 _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
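Review bot: The added <tt> line in the <ocil> element places a bare command after "It should be set to DROP." with nothing tying it to the check, so the rendered text reads as instruction, expected result, then an unexplained command. Suggest moving it ahead of the expected-result sentence with a short introduction (for example "run the following command:"), then stating what passing output looks like, namely the :INPUT line showing DROP as its policy. The leading space inside <tt> and the "# " root prompt are rendered as part of the command text; consider dropping the space and confirming the prompt style matches the other commands in iptables.xml. The pattern ":INPUT" also matches an INPUT chain line from every table present in /etc/sysconfig/iptables, so the wording should tell the reviewer which line to evaluate if more than one is returned.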
