You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
cis benchmarks show false negative errors, conntrack is equivalent or better than state module for iptables.
Describe the solution you'd like
Running inspec against ubuntu devices using conntrack module for connection tracking should validate
-m conntrack --ctstate NEW,ESTABLISHED
as well as -m state --state NEW,ESTABLISHED
Describe alternatives you've considered
Add -m state after -m conntrack works, but adds unnecessary lines to iptables
Additional context
Add any other context or screenshots about the feature request here.
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
cis benchmarks show false negative errors, conntrack is equivalent or better than state module for iptables.
Describe the solution you'd like
Running inspec against ubuntu devices using conntrack module for connection tracking should validate
-m conntrack --ctstate NEW,ESTABLISHEDas well as
-m state --state NEW,ESTABLISHEDDescribe alternatives you've considered
Add -m state after -m conntrack works, but adds unnecessary lines to iptables
Additional context
Add any other context or screenshots about the feature request here.
The text was updated successfully, but these errors were encountered: