Kaspersky Endpoint Security creates a special chain of allow rules named kesl_bypass, and adds it to the top of the list in the mangle table of the iptables and ip6tables utilities. The kesl_bypass chain rules lets you exclude traffic from interception by the application. If traffic exclusion rules are configured in the chain, these rules affect the Web Threat Protection, Network Threat Protection, and Web Control components.
The rules in this chain can be changed by means of the operating system.
For example, to exclude incoming and outgoing HTTP traffic, you need to add a rule by running the following command: iptables -t mangle -I kesl_bypass -m tcp -p tcp --dport http -j ACCEPT.
When the application is removed, the kesl_bypass rule chain is removed from iptables and ip6tables only if it was empty.
Page top