--- myst: html_meta: "description lang=en": "Kasm Workspaces hardening base operating system." "keywords": "Kasm, Server, Configuration, STIGs, Security, CIS, DISA, Workspaces, HBSS" "property=og:locale": "en_US" --- ```{title} HBSS ``` # Host Based Security Protection Products such as HBSS may be required to install on the servers Kasm is running on. Products like HBSS will control iptables. This can result in confusion, since Docker and firewalld also control iptables. Ensure that both TCP ports 2375 and the port Kasm has been configured to listen on, are allowed by your host based security product. In our experience, iptables can occasionally get into a bad state, where HBSS, firewalld, and Docker are all modifying IP tables. Symptoms such as containers not being able to communicate outbound or receive inbound traffic can occur. Clearing all iptables rules and restarting docker usually clears up these issues. When docker restarts, it will reconstruct all iptables rules applicable to docker and containers it manages. Restarting firewalld may be required to rebuild rules managed by firewalld. Consult your HBSS documentation for guidance with HBSS.