Describe the bug
When running with cis_level 2 I'm seeing an error with the iptables rules control when checking processes listening on ports. This is control 3.6.5. There is no variable or method 'iptables'.
Expected behavior
The control should report if there is an iptables rule for those ports that are listening.
Actual behavior
Here is the variable/method not found error:
    × cis-dil-benchmark-3.6.5: Ensure firewall rules exist for all open ports (3 failed)
      × Firewall rule should exist for port 68
        undefined local variable or method `iptables' for #<RSpec::ExampleGroups::FirewallRuleShouldExistForPort68:0x00007fbb6f309210>
      × Firewall rule should exist for port 22
        undefined local variable or method `iptables' for #<RSpec::ExampleGroups::FirewallRuleShouldExistForPort22:0x00007fbb6f313760>
      × Firewall rule should exist for port 8089
        undefined local variable or method `iptables' for #<RSpec::ExampleGroups::FirewallRuleShouldExistForPort8089:0x00007fbb6f311c08>
Example code
The relevant code is in control 3.6.5:
    port.where { address !~ /^(127\.0\.0\.1|::1)$/ }.ports.each do |port|
      describe "Firewall rule should exist for port #{port}" do
        subject { iptables.retrieve_rules.any? { |s| s =~ /\s+--dport #{port}\s+/ } }
        it { should be true }
      end
    end
OS / Environment
I'm running the InSpec tests from macOS 10.14.5 over SSH to both RHEL 7.6 and Ubuntu 14.04 targets and see the same behavior on both target OSes.
Inspec Version
4.18.0
Baseline Version
Running from master branch, tag 0.3.0
Additional context
Here was my quick hack to use as a workaround though I'd prefer not to shell out (and I probably need better regex matching):
    describe command("iptables -S | grep 'dport #{port}'") do
      its('exit_status') { should eq 0 }
    end
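On the port matching itself, here is an added example (not code from this issue or from the benchmark project) that parses `iptables -S` rule lines into destination-port ranges instead of matching substrings, so `--dport 2222` does not count for port 222 and `--dports` lists and `lo:hi` ranges are honoured. The function names and the rule lines are constructed for illustration.

```ruby
# Added example: plain Ruby, no InSpec needed. Rule lines below are constructed.
DPORT_RE = /(!\s+)?--(?:dports?|destination-ports?)\s+(\S+)/

# Port ranges one `iptables -S` rule line matches on. Negated matches are
# skipped because "! --dport N" does not give port N a rule of its own.
def dports_in_rule(rule)
  rule.scan(DPORT_RE).flat_map do |negated, spec|
    next [] if negated
    spec.split(',').map do |item|
      lo, hi = item.split(':', 2)
      first = lo.empty? ? 0 : lo.to_i                        # ":1024" means 0..1024
      last = hi.nil? ? first : (hi.empty? ? 65_535 : hi.to_i) # "1024:" means 1024..65535
      (first..last)
    end
  end
end

# Listening ports that no rule names, whether singly, in a list or in a range.
def ports_without_rule(listening, rules)
  covered = rules.flat_map { |rule| dports_in_rule(rule) }
  listening.reject { |port| covered.any? { |range| range.cover?(port) } }
end

# The substring test that grep 'dport N' performs, kept for comparison.
def naive_match?(port, rules)
  rules.any? { |rule| rule.include?("dport #{port}") }
end

SAMPLE_RULES = [
  '-P INPUT DROP',
  '-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT',
  '-A INPUT -p tcp -m multiport --dports 22,443 -j ACCEPT',
  '-A INPUT -p tcp -m tcp --dport 8000:8100 -j ACCEPT',
  '-A INPUT -p udp -m udp ! --dport 68 -j DROP'
].freeze

LISTENING = [22, 68, 222, 443, 8089].freeze

puts "no rule (parsed):    #{ports_without_rule(LISTENING, SAMPLE_RULES).inspect}"
puts "no rule (substring): #{LISTENING.reject { |p| naive_match?(p, SAMPLE_RULES) }.inspect}"
```

On this sample the substring test reports exactly the wrong set: it flags the two ports covered by a list and a range, and passes the two ports that have no rule.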