---

{{ if .Vars.ubtu24cis_level_1 }}
  {{ if .Vars.ubtu24cis_rule_4_3_10 }}
file:
  nftable_perm:
    title: 4.3.10 | Ensure nftables rules are permanent | conf file exists
    path: /etc/nftables.conf
    exists: true
    meta:
      server: 1
      workstation: 1
      CIS_ID:
      - 4.3.10
      CISv8:
      - 4.4
      - 4.5
      CISv8_IG1: true
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5:
      - CA-9
      - SC-7
command:
  nft_rules:
    title: 4.3.10 | Ensure nftables rules are permanent | conf file exists
    exec: echo "Manual - Please review nfttables configuration and matches site policy"
    exit-status: 0
    stdout:
    - '!/.*/'
    meta:
      server: 1
      workstation: 1
      CIS_ID:
      - 4.3.10
      CISv8:
      - 4.4
      - 4.5
      CISv8_IG1: true
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5:
      - CA-9
      - SC-7
  {{ end }}
{{ end }}