Kaspersky Endpoint Security 12 for Linux

Configuring a list of network packet rules in the command line

July 22, 2024

ID 197290

To add a network packet rule, execute the following command:

kesl-control --add-rule [--name <rule name>] [--action <action>] [--protocol <protocol>] [--direction <direction>] [--remote <remote address>[:<port range>]] [--local <local address>[:<port range>]] [--at <index>]

where:

  • --name <rule name> is the name of the network packet rule.
  • --action <action> is the action to be performed on the connections that match the network packet rule.
  • --protocol <protocol> is the type of data transfer protocol for which you want to monitor network activity.
  • --direction <direction> is the direction of the monitored network activity.
  • --remote <remote address>[:<port range>] is the network address of the remote device. You can specify the name of a predefined network zone as the remote address.
  • --local <local address>[:<port range>] is the network address of the device with Kaspersky Endpoint Security installed.
  • --at <index> is the position of the rule in the list of network packet rules. If the --at key is not specified or its value is larger than the number of rules in the list, the new rule is added to the end of the list.

Parameters that you do not specify values for in the command are set to their default values.

Examples:

To create a rule that blocks all incoming and established connections to TCP port 23, execute the following command:

kesl-control --add-rule --name Block_Telnet --action Block --direction in --protocol TCP --local any:23 --remote any

To create a rule that blocks incoming and established connections via the TCP port 23 for the Public network zone, execute the following command:

kesl-control --add-rule --name Block_Telnet --action Block --direction in --protocol TCP --local any:23 --remote Public

To delete a network packet rule, execute one of the following commands:

  • kesl-control --del-rule --name <rule name>
  • kesl-control --del-rule --index <index>

where:

  • --name <rule name> is the name of the network packet rule.
  • --index <index> is the current position of the rule in the list of network packet rules.

If the list of network packet rules contains multiple rules with an identical name or does not contain a rule with a specified name or index, an error occurs.

To change a network packet rule's execution priority, execute one of the following commands:

  • kesl-control --move-rule --name <rule name> --at <index>
  • kesl-control --move-rule --index <index> --at <index>

where:

  • --name <rule name> is the name of the network packet rule.
  • --index <index> is the current position of the rule in the list of network packet rules.
  • --at <index> is the new position of the rule in the list of network packet rules.
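The add, delete and move commands above manipulate one ordered list, and the documented edge cases (an --at beyond the end appends; --del-rule --name fails when the name is missing or not unique) are easy to trip over when scripting a baseline. The following is an added example, not Kaspersky code: it models that list locally, renders the exact kesl-control command lines, and shows why the two page examples, which both use the name Block_Telnet, can only be removed by --index. It assumes 0-based indexes (the page does not state the base) and uses the page's example values (Block, TCP, in, any) as dataclass defaults rather than the product's real defaults, which are not documented here.

```python
# Added example: a local model of the network packet rule list semantics
# described on this page. Not Kaspersky code; it does not invoke kesl-control,
# it only builds the command strings and tracks ordering so the index and
# priority behaviour can be checked before running the real commands.
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class PacketRule:
    name: str
    action: str = "Block"    # defaults here are taken from the page's examples;
    protocol: str = "TCP"    # the product's own defaults are not documented
    direction: str = "in"
    local: str = "any"
    remote: str = "any"

    def to_command(self, at: Optional[int] = None) -> str:
        """Render the kesl-control --add-rule invocation for this rule."""
        parts = ["kesl-control", "--add-rule", "--name", self.name,
                 "--action", self.action, "--direction", self.direction,
                 "--protocol", self.protocol, "--local", self.local,
                 "--remote", self.remote]
        if at is not None:
            parts += ["--at", str(at)]
        return " ".join(parts)


class RuleList:
    """Ordered rule list. Assumption: index 0 is the first (highest-priority)
    position; the page does not say whether indexes are 0- or 1-based."""

    def __init__(self) -> None:
        self.rules: List[PacketRule] = []

    def names(self) -> List[str]:
        return [r.name for r in self.rules]

    def add(self, rule: PacketRule, at: Optional[int] = None) -> str:
        # Documented behaviour: no --at, or --at past the end, appends.
        if at is None or at >= len(self.rules):
            self.rules.append(rule)
        else:
            self.rules.insert(at, rule)
        return rule.to_command(at)

    def _locate(self, name: Optional[str], index: Optional[int]) -> int:
        # Documented behaviour: an error if the name is absent or not unique,
        # or if the index does not exist.
        if name is not None:
            hits = [i for i, r in enumerate(self.rules) if r.name == name]
            if len(hits) != 1:
                raise LookupError(f"{len(hits)} rules named {name!r}; need exactly 1")
            return hits[0]
        if index is None or not 0 <= index < len(self.rules):
            raise LookupError(f"no rule at index {index}")
        return index

    def delete(self, name: Optional[str] = None, index: Optional[int] = None) -> PacketRule:
        return self.rules.pop(self._locate(name, index))

    def move(self, at: int, name: Optional[str] = None, index: Optional[int] = None) -> List[str]:
        rule = self.rules.pop(self._locate(name, index))
        if at >= len(self.rules):
            self.rules.append(rule)
        else:
            self.rules.insert(at, rule)
        return self.names()


def demo() -> dict:
    """Replay the page's two examples and show the duplicate-name pitfall."""
    rl = RuleList()
    cmds = [rl.add(PacketRule("Block_Telnet", local="any:23")),
            rl.add(PacketRule("Block_Telnet", local="any:23", remote="Public"), at=0)]
    try:                      # both rules share a name, so --del-rule --name errors
        rl.delete(name="Block_Telnet")
        by_name_ok = True
    except LookupError:
        by_name_ok = False
    rl.delete(index=1)        # --del-rule --index works regardless of names
    return {"commands": cmds, "delete_by_name_ok": by_name_ok,
            "remaining_remote": rl.rules[0].remote}


if __name__ == "__main__":
    for line in demo()["commands"]:
        print(line)
```

Giving each rule a distinct name (for example Block_Telnet and Block_Telnet_Public) keeps --del-rule --name and --move-rule --name usable; otherwise record the index from the list on the host and use --index.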
