Firewall and iptables in Fedora 35

The Lynis security audit tool has flagged the following on my system:

Check iptables rules to see which rules are currently not used [FIRE-4513]

The associated online note states:

This control checks what iptables rules are currently not being used. Proper maintenance of firewall rules is essential for accuracy and proper network traffic filtering. Regular checks on the proper working and rule-sets help in limiting traffic to the bare minimum and decrease general risk of unauthorized connections. Note: Some rules might have no hits, while still being applicable. Before removing rules, make sure that the time to monitor is long enough.
How to solve
Use iptables --list --numeric --verbose to display all rules. Check for rules which didn’t get a hit and repeat this process several times (e.g. in a few weeks). Finally remove any unneeded rules.

I have run the suggested command, and from what I could glean from it none of the rules have had any hits. How best should I proceed?
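One way to turn the Lynis advice into something repeatable, as an added example that is not part of the original post: parse the `iptables --list --numeric --verbose` output, collect every rule whose packet counter is still zero, and intersect the results of several snapshots taken weeks apart. Counters are reset whenever the rule set is reloaded, so a rule that shows zero hits in every snapshot is a stronger candidate for review than one seen once. The sample output below is constructed for illustration (the counts and rules are invented, not taken from the post); feed the function the real command output instead.

```python
import re

# Constructed sample of `iptables --list --numeric --verbose` output; the
# rules and hit counts are invented for this example, not from the post.
SNAPSHOT_WEEK_1 = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 4521  812K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   12   720 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
    0     0 DROP       all  --  *      *       10.0.0.0/8           0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 9001 packets, 1200K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 reject-with icmp-port-unreachable
"""

# Same rule set a few weeks later (also constructed): the 8080 rule has now
# seen traffic, the other two zero-hit rules still have not.
SNAPSHOT_WEEK_4 = SNAPSHOT_WEEK_1.replace(
    "    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080",
    "   37  2220 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080",
)

# iptables abbreviates large counters with K/M/G suffixes unless -x is given.
_SUFFIX = {"": 1, "K": 1000, "M": 1000 ** 2, "G": 1000 ** 3}


def parse_count(token):
    """Turn a counter token such as '812K' into an integer."""
    m = re.fullmatch(r"(\d+)([KMG]?)", token)
    if not m:
        raise ValueError(f"unexpected counter {token!r}")
    return int(m.group(1)) * _SUFFIX[m.group(2)]


def parse_rules(output):
    """Yield (chain, rule_number, packets, rule_text) for every rule line."""
    chain = None
    rule_no = 0
    for line in output.splitlines():
        if line.startswith("Chain "):
            chain = line.split()[1]
            rule_no = 0
            continue
        stripped = line.strip()
        # Skip blank separators and the per-chain column header.
        if not stripped or stripped.startswith("pkts bytes"):
            continue
        pkts, _bytes, rule_text = stripped.split(None, 2)
        rule_no += 1
        yield chain, rule_no, parse_count(pkts), rule_text


def unused_rules(output):
    """Rules whose packet counter is zero, as (chain, number, rule_text)."""
    return [(c, n, r) for c, n, p, r in parse_rules(output) if p == 0]


def still_unused(*snapshots):
    """Rules that had zero hits in every snapshot, in first-snapshot order.

    A rule is matched by chain name and rule text, not by position, so an
    insertion elsewhere in the chain between snapshots does not hide it.
    """
    keys = [{(c, r) for c, _n, r in unused_rules(s)} for s in snapshots]
    common = set.intersection(*keys)
    return [row for row in unused_rules(snapshots[0]) if (row[0], row[2]) in common]


if __name__ == "__main__":
    for chain, number, rule in still_unused(SNAPSHOT_WEEK_1, SNAPSHOT_WEEK_4):
        print(f"{chain} rule {number}: {rule}")
```

In practice, save the command output to dated files (`iptables --list --numeric --verbose > rules-$(date +%F).txt`) and pass each file's contents to `still_unused`. A rule that never matches is not automatically unneeded: explicit DROP or REJECT rules for traffic that simply has not arrived yet are the usual case, which is the caveat the Lynis note itself makes.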

Fedora 35 should be using nftables instead of iptables as Firewalld backend.
