How do I configure IPTables to harden the Content Gateway host system?
When Content Gateway is deployed on a stand-alone Linux server (not an appliance), it is strongly recommended that an IPTables firewall be configured to provide maximum security and efficiency with Content Gateway.
Warning: Only qualified system administrators should modify the IPTables firewall.
Content Gateway now utilizes iptables, configured during product installation or upgrade, to facilitate interception and redirection of traffic.
- IPTables rules configured outside of Content Gateway Manager must:
  - Be inserted after Forcepoint rules.
  - Never be added to Forcepoint chains.
- Forcepoint chains and rules should never be edited.
- If customized chains or rules impact the Forcepoint configuration, navigate to /opt/wcg/bin and execute the following to re-establish the Forcepoint IPTables chains and rules:
    netcontrol.sh -r
While hardening the system is allowed, caution should be taken to avoid interfering with general Content Gateway functionality.
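One way to verify the two placement rules above after adding site rules, shown as an added example that is not part of the original article or Forcepoint's tooling: compare an `iptables-save` dump taken right after `netcontrol.sh -r` (the baseline) with a dump of the current ruleset. It assumes every user-defined chain in the baseline is off-limits; the chain name `EXAMPLE_VENDOR` and the sample dumps are constructed placeholders, not real Forcepoint chains or rules.

```shell
#!/bin/sh
# Added example, not Forcepoint code. Compares two `iptables-save` dumps:
#   $1 = baseline, saved right after the vendor rules were (re)established
#   $2 = current ruleset, after site hardening rules were added
# Assumption: every user-defined chain present in the baseline is off-limits.
# Prints one line per violation; returns 1 if any were found.
check_against_baseline() {
    awk '
    FNR == 1 { pass++ }                          # pass 1 = baseline, 2 = current
    /^\*/    { table = substr($0, 2); next }     # "*filter", "*nat", ...
    /^:/ && pass == 1 && $2 == "-" {             # policy "-" = user-defined chain
        owned[table SUBSEP substr($1, 2)] = 1; next
    }
    /^-A /   {
        key = table SUBSEP $2
        if (pass == 1) base[key, ++bn[key]] = $0
        else           cur[key, ++cn[key]] = $0
    }
    END {
        for (key in bn) {                        # baseline rules must stay an unchanged prefix
            split(key, p, SUBSEP)
            for (i = 1; i <= bn[key]; i++)
                if (cur[key, i] != base[key, i]) {
                    printf "%s/%s: baseline rule %d displaced or changed\n", p[1], p[2], i
                    bad = 1; break
                }
        }
        for (key in owned)                       # baseline chains must not gain rules
            if (cn[key] > bn[key]) {
                split(key, p, SUBSEP)
                printf "%s/%s: rule added to a baseline chain\n", p[1], p[2]
                bad = 1
            }
        exit bad + 0
    }' "$1" "$2"
}

# Constructed sample dump. EXAMPLE_VENDOR is a placeholder chain name.
# $1 / $2 = optional site rule placed before / after the baseline INPUT rule.
sample_dump() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':EXAMPLE_VENDOR - [0:0]'
    [ -z "$1" ] || printf '%s\n' "$1"
    printf '%s\n' '-A INPUT -j EXAMPLE_VENDOR'
    [ -z "$2" ] || printf '%s\n' "$2"
    printf '%s\n' '-A EXAMPLE_VENDOR -p tcp --dport 8080 -j ACCEPT' 'COMMIT'
}
```

A rule appended to the end of a built-in chain passes; a rule inserted ahead of a baseline rule, or any rule added to a chain that existed in the baseline, is reported.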