Kaspersky Industrial CyberSecurity for Linux Nodes components allow dynamic rules to be added to or deleted from the firewall to ensure it works properly. For example, Network Agent adds dynamic rules that allow connections to Kaspersky Security Center initiated both by the application and by Kaspersky Security Center. Also, Anti-Cryptor task rules are dynamic.
The Firewall Management task does not control dynamic rules and does not block application components' access to network resources. Dynamic rules do not depend on the Firewall Management task state (started/stopped) or changes to its settings. The execution priority of dynamic rules is higher than the priority of network packet rules. Kaspersky Industrial CyberSecurity for Linux Nodes can restore a set of dynamic rules if any of them are deleted, for example, by using the iptables utility.
You can view the set of dynamic rules (using the kics-control -F --query command); however the dynamic rules settings cannot be modified.