Configuring the Firewall of Kaspersky Endpoint Security for Linux

To configure the Firewall using Kaspersky Security Center:

  1. Open the group policy for editing.
  2. Go to the Essential Threat ProtectionFirewall tab.
  3. In the Network packet rules section, click Configure.
  4. In the list of network packet rules, click Add and specify the settings of the new rule:
    • Protocol: TCP
    • Direction: Inbound
    • Remote ports: Any
    • Local ports: 25
    • Remote addresses: Any address
    • Local addresses: Any address
    • Action: Allow
    • Log events: Do not log
    • Rule name: TCP:25

    Finish creating the new rule.

  5. In the list of network packet rules, click Add and specify the settings of the new rule:
    • Protocol: TCP
    • Direction: Inbound
    • Remote ports: Any
    • Local ports: 443
    • Remote addresses: Any address
    • Local addresses: Any address
    • Action: Allow
    • Log events: Do not log
    • Rule name: TCP:443

    You can use a different local port number, the value is specified during the initial configuration of KSMG.

    Finish creating the new rule.

  6. In the list of network packet rules, click Add and specify the settings of the new rule:
    • Protocol: TCP
    • Direction: Inbound
    • Remote ports: Any
    • Local ports: 9045
    • Remote addresses: Any address
    • Local addresses: Any address
    • Action: Allow
    • Log events: Do not log
    • Rule name: TCP:9045

    Finish creating the new rule.

  7. Save your changes to the list of rules.
  8. Save your group policy changes.

To configure the Firewall using the command line:

  1. Save the Firewall management task settings to a configuration file using the following command:

    kesl-control --get-settings 12 --file <full path to the file>

  2. Open the created configuration file for editing.
  3. Add the following lines to the created file:

    [PacketRules.item_<item number>]

    FirewallAction=Allow

    Direction=Incoming

    Protocol=TCP

    LocalPorts=25

    [PacketRules.item_<item number>]

    FirewallAction=Allow

    Direction=Incoming

    Protocol=TCP

    LocalPorts=443

    [PacketRules.item_<item number>]

    FirewallAction=Allow

    Direction=Incoming

    Protocol=TCP

    LocalPorts=9045

    <item number> is the sequential number of the PacketRules section, numbering starts from zero.

  4. Save your changes in the configuration file.
  5. Import settings from the configuration file to the Firewall management task:

    kesl-control --set-settings 12 --file <full path to the file>

Page top