Firewall Management task (Firewall_Management, ID:12)
February 8, 2024
ID 270424
During use on local area networks (LANs) and the Internet, a device is exposed to viruses, other malware, and a variety of attacks that exploit vulnerabilities in operating systems and software.
The firewall blocks most threats to the operating system when the device is connected to the Internet or a LAN. The operating system firewall allows you to detect all network connections on the user device and provide a list of their IP addresses. The Firewall Management task allows you to set the status of the network connections by configuring the network packet rules. Configuring network packet rules lets you specify the desired level of the device protection, from blocking Internet access for all applications to allowing unlimited access. All outbound connections are allowed by default, unless corresponding blocking rules for the Firewall Management task are specified.
While the Firewall Management task is running, Kaspersky Industrial CyberSecurity for Linux Nodes blocks configuration of the operating system firewall settings when, for example, an application or utility attempts to add or delete a firewall rule. Kaspersky Industrial CyberSecurity for Linux Nodes checks the operating system firewall every 60 seconds and restores the set of firewall rules if necessary. The checking period cannot be changed.
In the Red Hat Enterprise Linux and CentOS 8 operating systems, firewall rules created using Kaspersky Industrial CyberSecurity for Linux Nodes can only be viewed through the application (kics-control -F --query command).
The operating system firewall continues to be checked even when the Firewall Management task is stopped. This allows the application to restore dynamic rules.
To avoid problems on systems with nftables, Kaspersky Industrial CyberSecurity for Linux Nodes uses the iptables and iptables-restore system utilities when adding rules for the system firewall.
The application creates a special chain of allowing rules named kics_bypass and adds it first to the list of the mangle table of the iptables and ip6tables utilities. The kics_bypass chain rules let you exclude traffic from scans performed by Kaspersky Industrial CyberSecurity for Linux Nodes. The rules in this chain can be changed by means of the operating system.
When the application is removed, the kics_bypass rule chain in iptables and ip6tables is removed only if it was empty.
It is recommended to disable other operating system firewall management tools before enabling the Firewall Management task.
