Firewall Management task (Firewall_Management, ID:12)

During use on local area networks (LANs) and the Internet, a device is exposed to viruses, other malware, and a variety of attacks that exploit vulnerabilities in operating systems and software.

The operating system firewall protects data stored on the user device by blocking most threats when the device is connected to the internet or a LAN.

The operating system's firewall can detect all network connections on the user's device and provide a list of their IP addresses. The Firewall Management task lets you set the status of these network connections by configuring network packet rules. Configuring network packet rules lets you specify the desired level of the device protection, from blocking Internet access for all applications to allowing unlimited access. All outbound connections are allowed by default, unless corresponding blocking rules for the Firewall Management task are specified.

When the Firewall Management task is enabled, Kaspersky Endpoint Security automatically deletes all custom rules configured for the firewall with tools provided by the operating system. These rules are not restored after the task is disabled. If required, save the custom firewall rules before enabling the Firewall Management task.

While the Firewall Management task is running, Kaspersky Endpoint Security blocks any configuration of the operating system's firewall settings, for example, any attempt by a program or utility to add or delete a firewall rule. Kaspersky Endpoint Security checks the operating system firewall every 60 seconds and restores the set of firewall rules if necessary. The checking period cannot be changed.

In the Red Hat Enterprise Linux and CentOS 8 operating systems, firewall rules created using Kaspersky Endpoint Security can only be viewed through the application (kesl-control -F --query command).

The operating system firewall continues to be checked even when the Firewall Management task is stopped. This allows the application to restore dynamic rules.

To avoid problems on systems with nftables, Kaspersky Endpoint Security uses the iptables and iptables-restore system utilities when adding rules for the system firewall.

The application creates a special chain of allowing rules called kesl_bypass, and adds it at the top of the list in the mangle table of the iptables and ip6tables utilities. The rules of the kesl_bypass chain make it possible to exclude traffic from scans by Kaspersky Endpoint Security. The rules in this chain can be changed by means of the operating system.

When the application is removed, the kesl_bypass rule chain is removed from iptables and ip6tables only if it was empty.

It is recommended to disable other operating system firewall management tools before enabling the Firewall Management task.

In this Help section

About network packet rules

About dynamic rules

About the predefined network zone names

Firewall Management task settings

Adding a network packet rule

Deleting a network packet rule

Changing the execution priority of a network packet rule

Adding a network address to a zone section

Deleting a network address from a zone section

Page top