On 7/27/14, 11:26 PM, Shawn Wells wrote:
From: Leland Steinke<[email protected]>

Guidance did not remind users to reload firewall rules if a change was required

Signed-off-by: Leland Steinke<[email protected]>
---
  RHEL/6/input/system/network/iptables.xml |    2 ++
  1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/RHEL/6/input/system/network/iptables.xml 
b/RHEL/6/input/system/network/iptables.xml
index 639b16e..0876645 100644
--- a/RHEL/6/input/system/network/iptables.xml
+++ b/RHEL/6/input/system/network/iptables.xml
@@ -73,6 +73,8 @@ the built-in INPUT chain which processes incoming packets,
  add or correct the following line in
  <tt>/etc/sysconfig/ip6tables</tt>:
  <pre>:INPUT DROP [0:0]</pre>
+If changes were required, reload the ip6tables rules:
+<pre>$ sudo service ip6tables reload</pre>
  </description>
  <ocil clause="the default policy for the INPUT chain is not set to DROP">
  If IPv6 is disabled, this is not applicable.
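Review bot: The two added lines tell the reader to run `service ip6tables reload` right after setting `:INPUT DROP [0:0]`, but say nothing about confirming that the needed ACCEPT rules are already in /etc/sysconfig/ip6tables, so someone following this over a remote IPv6 session can cut off their own access the moment the default policy becomes DROP. Consider adding a sentence before the reload command asking the reader to verify that rules permitting required inbound traffic are present in the file. Also, the commit message speaks of firewall rules in general, while the diffstat shows only these two insertions in the ip6tables text of iptables.xml; if the IPv4 default-policy guidance in the same file has the same gap, it should get the matching reminder in this patch or a follow-up.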
-- 1.7.1

ack
-- 
SCAP Security Guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/
