---

{{ if .Vars.ubtu24cis_level_1 }}
  {{ if .Vars.ubtu24cis_rule_4_3_3 }}
command:
  iptables_flushed:
    title: 4.3.3 | Ensure iptables are flushed with nftables | iptable IPv4 flushed
    exec: iptables -L
    exit-status:
      or:
      - 0
      - 1
    stdout:
    - '!/^.*/'
    meta:
      server: 1
      workstation: 1
      CIS_ID:
      - 4.3.3
      CISv8:
      - 4.4
      - 4.5
      CISv8_IG1: true
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5:
      - CA-9
      - SC-7
  ip6tables_flushed:
    title: 4.3.3 | Ensure iptables are flushed with nftables | iptable IPv4 flushed
    exec: ip6tables -L
    exit-status:
      or:
      - 0
      - 1
    stdout:
    - '!/^.*/'
    meta:
      server: 1
      workstation: 1
      CIS_ID:
      - 4.3.3
      CISv8:
      - 4.4
      - 4.5
      CISv8_IG1: true
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5:
      - SC-7
      - CA-9
  {{ end }}
{{ end }}