Adversaries may disable or modify system firewalls in order to bypass controls limiting network usage. Changes could be disabling the entire mechanism as well as adding, deleting, or modifying particular rules. This can be done numerous ways depending on the operating system, including via command-line, editing Windows Registry keys, and Windows Control Panel.Modifying or disabling a system firewall may enable adversary C2 communications, lateral movement, and/or data exfiltration that would otherwise not be allowed.
Disables the iptables firewall
Supported Platforms: Linux
if [ $(rpm -q --queryformat '%{VERSION}' centos-release) -eq "6" ];
then
service iptables stop
chkconfig off iptables
service ip6tables stop
chkconfig off ip6tables
else if [ $(rpm -q --queryformat '%{VERSION}' centos-release) -eq "7" ];
systemctl stop firewalld
systemctl disable firewalld
fi