Closed blk974u closed 2 years ago
Hi,
I just looked at the same code, but I think you missed that firewalld is only disabled if the following is true: when: enable_firewall is defined and enable_firewall == "iptables"
It will only do this if the variable is set to iptables.
Best regards
That is correct. Firewalld will only be disabled if enable_firewall == "iptables" since they shouldn't both be run at the same time.
Thanks!
First of all, thanks for the great work.
I checked out Control 3.4.4.1 (redhat-8-type.yml) for iptables and firewalld with CIS CentOS Linux 8 Benchmark v1.0.0 - 10-31-2019.
The CIS Benchmark does not mention disabling firewalld, but rather using firewalld as a frontend for nftables; however, I found that redhat-8-type.yml disabled it. Instead, iptables-service is the one that needs to be disabled/removed due to "3.4.2.6 Ensure iptables is not enabled (Scored)" in the CIS Benchmark.