In Kaspersky Industrial CyberSecurity for Linux Nodes settings, you can configure exclusions from traffic interception by traffic direction, destination IP address and port. If such exclusions are not sufficient to resolve the conflict of the Kaspersky Industrial CyberSecurity for Linux Nodes application with client applications, you can use the special chain of allow rules, kics_bypass.
The kics_bypass chain is a special list of rules that Kaspersky Industrial CyberSecurity for Linux Nodes creates in the mangle table of the operating system firewall (iptables/ip6tables). Rules of the kics_bypass chain let you exclude traffic from interception by Kaspersky Industrial CyberSecurity for Linux Nodes. The kics_bypass chain is added to the top of the network packet processing process, which means that kics_bypass rules are processed before all other iptables rules.
In contrast to exclusions that you can connect in Kaspersky Endpoint Security settings, the kesl_bypass chain allows configuring exclusions not only by traffic direction, destination IP address and port, but also by other parameters of connections.
The rules in the kics_bypass chain can be changed by means of the operating system.
For example, you can add a rule to the kics_bypass chain by running the following command: iptables -t mangle -I kics_bypass -m tcp -p tcp --dport http -j ACCEPT.
This rule allows excluding inbound and outbound HTTP traffic on port 80 at any IP address from interception by Kaspersky Industrial CyberSecurity for Linux Nodes. This can help avoid potential conflict with web services that you trust.
If traffic exclusion rules are configured in the chain, these rules affect the Web Threat Protection, Network Threat Protection, and Web Control components.
When the application is removed, the kics_bypass rule chain in iptables and ip6tables is removed only if it was empty.
Page top