Ensure Only One Firewall Service is Active
Description
The system must have exactly one active firewall service running to avoid conflicts
and ensure consistent packet filtering. Only one of the following services should
be enabled and active at any time:
- ufw - Uncomplicated Firewall (Ubuntu/Debian default)
- iptables - Classic Linux firewall
- nftables - Next Generation Firewall replacement for iptables
Having zero active firewalls leaves the system vulnerable, while having multiple
active firewalls can lead to rule conflicts and security gaps.
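The following audit helper is an added example, not part of the original rule page. It assumes the three services are managed by systemd under the unit names ufw.service, iptables.service and nftables.service, and it separates the counting logic from the systemctl query so the pass/fail decision can be exercised on constructed input without touching a live host.

```shell
#!/bin/sh
# Added example (not from the original rule page): checks that exactly one of
# ufw, iptables and nftables is active. Assumes systemd unit names
# ufw.service, iptables.service and nftables.service.

FIREWALL_SERVICES="ufw iptables nftables"

# count_active: takes lines of "<service> <state>" and prints how many of
# them report the state "active". Only the exact word "active" counts, so
# "activating" or "inactive" do not.
count_active() {
    printf '%s\n' "$1" | awk '$2 == "active" { n++ } END { print n+0 }'
}

# evaluate: returns 0 when exactly one service is active, 1 otherwise,
# printing a PASS/FAIL line that names the condition found.
evaluate() {
    active=$(count_active "$1")
    case "$active" in
        1) echo "PASS: exactly one firewall service is active"; return 0 ;;
        0) echo "FAIL: no firewall service is active"; return 1 ;;
        *) echo "FAIL: $active firewall services are active (expected 1)"; return 1 ;;
    esac
}

# collect_states: queries systemd for the real state of each service.
# systemctl is-active exits non-zero for inactive units, so the exit code is
# ignored and the printed state is used; a missing unit or missing systemctl
# is reported as "unknown" and therefore not counted as active.
collect_states() {
    for svc in $FIREWALL_SERVICES; do
        state=$(systemctl is-active "$svc" 2>/dev/null || true)
        printf '%s %s\n' "$svc" "${state:-unknown}"
    done
}

# Constructed sample inputs (not captured from any real host).
SAMPLE_OK="ufw active
iptables inactive
nftables inactive"

SAMPLE_CONFLICT="ufw active
iptables inactive
nftables active"

SAMPLE_NONE="ufw inactive
iptables inactive
nftables inactive"

# demo: runs the evaluator over the three constructed samples.
demo() {
    evaluate "$SAMPLE_OK" || true
    evaluate "$SAMPLE_CONFLICT" || true
    evaluate "$SAMPLE_NONE" || true
}

# Pass --live to audit the host; otherwise the constructed samples are used.
case "${1:-}" in
    --live) evaluate "$(collect_states)" ;;
    *) demo ;;
esac
```

Run it as `sh check_firewall.sh --live` on a host to audit the real services; without the flag it shows the three outcomes the rule distinguishes: one active service (pass), two active services (conflict) and none active (exposed).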
Rationale
Running multiple firewall services simultaneously can lead to conflicts in rule
processing, unpredictable behavior, and potential security gaps. A single
firewall service ensures consistent and predictable packet filtering.
Having no active firewall service leaves the system exposed to network-based
attacks and unauthorized access.
Warning
This rule does not come with a remediation. There are separate rules for
enabling each firewall service; apply the one for the intended firewall instead.