Configuring the Firewall of Kaspersky Endpoint Security for Linux

To configure the Firewall using Kaspersky Security Center:

  1. Open the group policy for editing.
  2. In the Application settings section, select the Essential Threat Protection tab, and click the Firewall link.
  3. In the Network packet rules section, click Configure network packet rules.
  4. In the list of network packet rules, click Add and specify the settings of the new rule:
    • Rule name: TCP:25
    • Action: Allow
    • Protocol: TCP
    • Direction: Inbound
    • Remote address: Any address
    • Specify remote ports: not selected
    • Local address: Any address
    • Specify local ports: 25
    • Log events: not selected

    Finish creating the new rule.

  5. In the list of network packet rules, click Add and specify the settings of the new rule:
    • Rule name: TCP:443
    • Action: Allow
    • Protocol: TCP
    • Direction: Inbound
    • Remote address: Any address
    • Specify remote ports: not selected
    • Local address: Any address
    • Specify local ports: 443
    • Log events: not selected

    You can use a different local port number, the value is specified during the initial configuration of KSMG.

    Finish creating the new rule.

  6. In the list of network packet rules, click Add and specify the settings of the new rule:
    • Rule name: TCP:9045
    • Action: Allow
    • Protocol: TCP
    • Direction: Inbound
    • Remote address: Any address
    • Specify remote ports: not selected
    • Local address: Any address
    • Specify local ports: 9045
    • Log events: not selected

    Finish creating the new rule.

  7. Save your changes to the list of rules.
  8. Save your group policy changes.

To configure the Firewall using the command line:

  1. Save the Firewall management task settings to a configuration file using the following command:

    kesl-control --get-settings 12 --file <full path to the file>

  2. Open the created configuration file for editing.
  3. Add the following lines to the created file:

    [PacketRules.item_<item number>]

    FirewallAction=Allow

    Direction=Incoming

    Protocol=TCP

    LocalPorts=25

    [PacketRules.item_<item number>]

    FirewallAction=Allow

    Direction=Incoming

    Protocol=TCP

    LocalPorts=443

    [PacketRules.item_<item number>]

    FirewallAction=Allow

    Direction=Incoming

    Protocol=TCP

    LocalPorts=9045

    <item number> is the sequential number of the PacketRules section, numbering starts from zero.

  4. Save your changes in the configuration file.
  5. Import settings from the configuration file to the Firewall management task:

    kesl-control --set-settings 12 --file <full path to the file>

Page top