Workload misconfigurations

Ensure Docker is allowed to make changes to iptables (Automated)

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

The iptables firewall is used to set up, maintain, and inspect the tables of IP packet filter rules within the Linux kernel. The Docker daemon should be allowed to make changes to the iptables ruleset.

Recommended Mitigation

Do not run the Docker daemon with the --iptables=false parameter. For example, do not start the Docker daemon as follows: 'dockerd --iptables=false'. By default, iptables is set to true.
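
One way to automate this check, as an added example that is not part of the original benchmark text: the functions below inspect a dockerd command line for --iptables=false and also look for the equivalent "iptables": false key in daemon.json. The function names, the sample command lines and the /etc/docker/daemon.json path (Docker's default on Linux) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit whether Docker is allowed to manage iptables.

# Return 0 if the dockerd command line in $1 disables iptables management.
# Accepts the false spellings understood by Go's boolean flag parsing.
cmdline_disables_iptables() {
    printf '%s\n' "$1" |
        grep -Eq -e '(^|[[:space:]])--iptables=(false|False|FALSE|f|F|0)([[:space:]]|$)'
}

# Return 0 if the daemon.json at path $1 sets "iptables": false.
# A missing file means the default (iptables=true) applies.
# This is a text match with whitespace stripped, not a full JSON parse.
config_disables_iptables() {
    [ -f "$1" ] || return 1
    tr -d '[:space:]' < "$1" | grep -q '"iptables":false'
}

# $1 = dockerd command line, $2 = path to daemon.json.
# Prints PASS or FAIL and returns 0 only when Docker may manage iptables.
audit_docker_iptables() {
    if cmdline_disables_iptables "$1"; then
        echo "FAIL: dockerd started with --iptables=false"
        return 1
    fi
    if config_disables_iptables "$2"; then
        echo "FAIL: $2 sets \"iptables\": false"
        return 1
    fi
    echo "PASS: Docker may manage iptables"
}

# Constructed sample command lines (not captured from a real host).
SAMPLE_OK='/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock'
SAMPLE_BAD='/usr/bin/dockerd --iptables=false -H fd://'

audit_docker_iptables "$SAMPLE_OK" /nonexistent/daemon.json
audit_docker_iptables "$SAMPLE_BAD" /nonexistent/daemon.json || true

# On a live host (assumed default config path):
#   audit_docker_iptables "$(ps -eo args= | grep '[d]ockerd')" /etc/docker/daemon.json
```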