About dynamic rules

Kaspersky Industrial CyberSecurity for Linux Nodes allows adding or deleting dynamic firewall rules that the application needs to work properly. For example, Network Agent adds dynamic rules that allow connections to Kaspersky Security Center initiated by the application or by Kaspersky Security Center. The rules of the Anti-Cryptor are also dynamic.

Kaspersky Industrial CyberSecurity for Linux Nodes does not control dynamic rules and does not block application components' access to network resources. Dynamic rules do not depend on the Firewall Management state (started/stopped) or on changes of the Firewall Management settings. The execution priority of dynamic rules is higher than the priority of network packet rules. The application restores a set of dynamic rules if any of them are deleted, for example, by using the iptables utility.

You can view the set of dynamic rules (using the kics-control -F --query command); however the dynamic rules settings cannot be modified.