Fix set_ipv6_loopback_traffic SCE for ubuntu2404

ip6tables output changed from ubuntu2204 to ubuntu2404. E.g. from `ip6tables -n -v -L INPUT` - 22.04: `0 0 ACCEPT all lo * ::/0 ::/0` - 24.04: `0 0 ACCEPT 0 -- lo * ::/0 ::/0`kj
ComplianceAsCode · Dec 2, 2024 · a8ce721 · a8ce721
1 parent 0300256
commit a8ce721
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/...stem/network/network-iptables/iptables_activation/set_ipv6_loopback_traffic/sce/ubuntu.sh b/...stem/network/network-iptables/iptables_activation/set_ipv6_loopback_traffic/sce/ubuntu.sh
@@ -7,15 +7,21 @@ if [ ! -e /proc/sys/net/ipv6/conf/all/disable_ipv6 ] || [ "$(cat /proc/sys/net/i
     exit "$XCCDF_RESULT_PASS"
 fi
 
-regex="\s+[0-9]+\s+[0-9]+\s+ACCEPT\s+all\s+lo\s+\*\s+::\/0\s+::\/0[[:space:]]+[0-9]+\s+[0-9]+\s+DROP\s+all\s+\*\s+\*\s+::1\s+::\/0"
+{{% if product in ['ubuntu2404'] %}}
+regex_input="\s+[0-9]+\s+[0-9]+\s+ACCEPT\s+[0-9]+\s+--\s+lo\s+\*\s+::\/0\s+::\/0[[:space:]]+[0-9]+\s+[0-9]+\s+DROP\s+[0-9]+\s+--\s+\*\s+\*\s+::1\s+::\/0"
+regex_output="\s[0-9]+\s+[0-9]+\s+ACCEPT\s+[0-9]+\s+--\s+\*\s+lo\s+::\/0\s+::\/0"
+{{% else %}}
+regex_input="\s+[0-9]+\s+[0-9]+\s+ACCEPT\s+all\s+lo\s+\*\s+::\/0\s+::\/0[[:space:]]+[0-9]+\s+[0-9]+\s+DROP\s+all\s+\*\s+\*\s+::1\s+::\/0"
+regex_output="\s[0-9]+\s+[0-9]+\s+ACCEPT\s+all\s+\*\s+lo\s+::\/0\s+::\/0"
+{{% endif %}}
 
 # Check chain INPUT for loopback related rules
-if ! ip6tables -L INPUT -v -n -x | grep -Ezq "$regex" ; then
+if ! ip6tables -L INPUT -v -n -x | grep -Ezq "$regex_input" ; then
     exit "$XCCDF_RESULT_FAIL"
 fi
 
  # Check chain OUTPUT for loopback related rules
-if ! ip6tables -L OUTPUT -v -n -x | grep -Eq "\s[0-9]+\s+[0-9]+\s+ACCEPT\s+all\s+\*\s+lo\s+::\/0\s+::\/0" ; then
+if ! ip6tables -L OUTPUT -v -n -x | grep -Eq "$regex_output"; then
     exit "$XCCDF_RESULT_FAIL"
 fi