Kaspersky Embedded Systems Security for Linux

Firewall Management

The operating system firewall protects the data stored on the device. It blocks most network-borne threats to the operating system while the device is connected to the Internet or a LAN. Firewall Management detects all network connections made by the device, lists their IP addresses, and shows the status of the default network connection.

The Firewall Management component filters all network activity according to the network packet rules. By configuring network packet rules you choose the level of protection for the device, from blocking Internet access for all applications to allowing unrestricted access.

Disable other operating system firewall management tools before enabling the Firewall Management component. Two tools managing the same operating system firewall overwrite each other's rules, and the effective policy becomes unpredictable.
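A pre-flight check for the recommendation above, written as an added example that is not part of the product: it lists the firewall management services that are still active on the host. The set of service names is an assumption (the page names no tools); the systemctl column layout (UNIT LOAD ACTIVE SUB DESCRIPTION) is what `systemctl list-units --plain --no-legend` prints.

```python
import subprocess

# Assumed set of systemd units that manage the OS firewall; the page names no
# tools, so extend this set for your distribution.
FIREWALL_UNITS = {"ufw.service", "firewalld.service", "nftables.service",
                  "iptables.service", "netfilter-persistent.service", "shorewall.service"}

SYSTEMCTL_CMD = ["systemctl", "list-units", "--type=service", "--state=active",
                 "--no-legend", "--plain"]


def active_firewall_managers(list_units_output: str) -> list:
    """Return the firewall manager units reported as active in `systemctl list-units`
    output (columns: UNIT LOAD ACTIVE SUB DESCRIPTION), sorted by unit name."""
    found = set()
    for line in list_units_output.splitlines():
        cols = line.split()
        if len(cols) >= 3 and cols[2] == "active" and cols[0] in FIREWALL_UNITS:
            found.add(cols[0])
    return sorted(found)


def check_host() -> list:
    """Query systemctl on this host; returns [] if systemctl is not installed."""
    try:
        out = subprocess.run(SYSTEMCTL_CMD, capture_output=True, text=True, check=False).stdout
    except FileNotFoundError:
        return []
    return active_firewall_managers(out)


# Constructed sample output (not captured from a real host) for an offline run.
SAMPLE_OUTPUT = """\
ufw.service        loaded active exited  Uncomplicated firewall
sshd.service       loaded active running OpenBSD Secure Shell server
firewalld.service  loaded active running firewalld - dynamic firewall daemon
"""

if __name__ == "__main__":
    conflicts = check_host()
    if conflicts:
        print("Disable before enabling Firewall Management:", ", ".join(conflicts))
    else:
        print("No other firewall manager is active.")
```

Run it as root on the target device before switching the component on; on the constructed sample it reports ufw.service and firewalld.service.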

Firewall Management settings

Setting

Description

Firewall Management enabled / disabled

This toggle button enables or disables Firewall Management.

The toggle button is switched off by default.

Network packet rules

Clicking the Configure network packet rules link opens the Network packet rules window. In this window, you can configure the list of network packet rules that the Firewall Management component applies when it detects a network connection attempt.

Available networks

Clicking the Configure available networks link opens the Available networks window. In this window, you can configure the list of networks that the Firewall Management component will monitor.

Incoming connections

In this drop-down list, you can select the action to be performed for incoming network connections that are not covered by a network packet rule:

  • Allow network connections (default value).
  • Block network connections.

Incoming packets

In this drop-down list, you can select the action to be performed for incoming packets that are not covered by a network packet rule:

  • Allow incoming packets (default value).
  • Block incoming packets.

Both defaults are permissive: with the component enabled and the table of network packet rules empty, all incoming traffic is allowed. To run the device in a default-deny posture, set both lists to Block and add allowing rules only for the services that must be reachable.

Always add allowing rules for Network Agent ports

This check box enables or disables the automatic creation of allowing rules for the ports used by Network Agent, so that management traffic from Kaspersky Security Center is not cut off by a restrictive rule set.

The check box is selected by default.


[Topic 202310]

Network packet rules window

The Network packet rules table contains network packet rules that the Firewall Management component uses for network activity monitoring. You can configure the settings described in the table below for network packet rules.

Network packet rules settings

Setting

Description

Name

Network packet rule name.

Action

Action to be performed by Firewall Management when it detects the network activity.

Local address

Network addresses of the device with Kaspersky Embedded Systems Security installed, that is, the local side of the connection that sends and/or receives the network packets.

Remote address

Network addresses of the remote devices, that is, the other side of the connection that sends and/or receives the network packets.

Logging

This column shows if the application logs actions of the network packet rule.

If the value is Yes, the application logs the actions of the network packet rule.

If the value is No, the application does not log the actions of the network packet rule.

By default, the table of network packet rules is empty.

You can add, edit, delete, move up, and move down network packet rules in the table. The position of a rule in the table is its priority, so use Move up and Move down to place specific rules above general ones; a general blocking rule placed above a specific allowing rule prevents the allowing rule from ever taking effect.

Clicking the Add button opens a window where you can specify the new item settings.

The selected item's settings are edited in a separate window.

Clicking the Delete button removes the selected items from the table.

This button is available if at least one item is selected in the table.

Clicking the Move up button moves the selected item up in the table.

Clicking the Move down button moves the selected item down in the table.

The Move up and Move down buttons are available only if exactly one item is selected in the table.

[Topic 202312_1]

Network packet rule window

In this window, you can configure the network packet rule.

Network packet rule settings

Setting

Description

Rule name

The field for entering the name of the network packet rule.

Action

In the drop-down list, you can select an action to be performed by the Firewall Management component when it detects network activity:

  • Block network activity.
  • Allow network activity (default value).

Protocol

In the drop-down list, you can select the type of data transfer protocol for which you want to monitor network activity:

  • Any (default value)
  • GRE
  • ICMP
  • ICMPv6
  • IGMP
  • TCP
  • UDP

Specify ICMP type

This check box lets you specify the ICMP type. The Firewall Management component monitors messages of the specified type sent by the host or gateway (for example, type 8 is an echo request and type 3 is destination unreachable).

If this check box is selected, the field for entering the ICMP type is displayed.

This check box is displayed only if ICMP or ICMPv6 is selected in the Protocol drop-down list.

This check box is cleared by default.

Specify ICMP code

This check box lets you specify the ICMP code. The Firewall Management component monitors messages that have the type entered under the Specify ICMP type check box and the code entered under this check box, and are sent by the host or gateway. The code refines the type: for example, ICMP type 3 with code 3 means port unreachable.

If this check box is selected, the field for entering the ICMP code is displayed.

This check box is displayed only if ICMP or ICMPv6 is selected in the Protocol drop-down list. It is available only if the Specify ICMP type check box is selected.

This check box is cleared by default.

Direction

In this drop-down list, you can specify the direction of the monitored network activity. Options ending in "packets" apply to each packet on its own; the other options apply to connections, that is, they take into account which side opened the connection the packet belongs to. A reply packet in a connection the device itself opened is therefore outgoing activity even though the packet arrives at the device.

  • Incoming packets (default value). If this option is selected, the Firewall Management component monitors every packet received by the device.
  • Incoming. If this option is selected, the Firewall Management component monitors connections opened by a remote device.
  • Incoming/Outgoing. If this option is selected, the Firewall Management component monitors connections opened by either side.
  • Incoming/Outgoing packets. If this option is selected, the Firewall Management component monitors every packet sent or received by the device.
  • Outgoing packets. If this option is selected, the Firewall Management component monitors every packet sent by the device.
  • Outgoing. If this option is selected, the Firewall Management component monitors connections opened by the device itself.

Remote address

In this drop-down list, you can specify the network addresses of the remote devices that send and receive network packets:

  • Any address (default value). If this option is selected, the network rule controls network packets sent and received by remote devices with any IP address.
  • All subnet addresses. If this option is selected, the network rule controls network packets sent and received by remote devices whose IP addresses belong to networks of the selected type: Public networks, Local networks, or Trusted networks. The type of each network is assigned in the Available networks window; an address that belongs to no listed network matches none of the types.
  • Specified address. If this option is selected, the network rule controls network packets sent and received by remote devices with the IP addresses specified in the Address field.

Specify remote ports

This check box lets you restrict the rule to the specified port numbers on the remote device.

If this check box is selected, the field for entering port numbers is displayed.

This check box is displayed only if TCP or UDP is selected in the Protocol drop-down list.

This check box is cleared by default.

Local address

In this drop-down list, you can specify the network addresses of the device with Kaspersky Embedded Systems Security installed that sends and receives network packets:

  • Any address (default value). If this item is selected, the network rule controls network packets sent and received on any IP address of the device with Kaspersky Embedded Systems Security installed.
  • Specified address. If this item is selected, the network rule controls network packets sent and received on the IP addresses of the device with Kaspersky Embedded Systems Security installed that are specified in the Address field.

Specify local ports

This check box lets you restrict the rule to the specified port numbers on the local device.

If this check box is selected, the field for entering port numbers is displayed.

This check box is displayed only if TCP or UDP is selected in the Protocol drop-down list.

This check box is cleared by default.

Log events

This check box lets you specify whether the actions of the network rule are recorded in the report.

If the check box is selected, the application writes the actions of the network rule to the report.

If the check box is cleared, the application does not write the actions of the network rule to the report. Select it at least for blocking rules; otherwise a dropped connection leaves no trace in the report.

This check box is cleared by default.


[Topic 202313]

Available networks window

The Available networks table contains the networks controlled by the Firewall Management component. The table of available networks is empty by default.

Available networks settings

Setting

Description

IP address

Network IP address.

Network type

Network type (Public network, Local network, or Trusted network).

You can add, edit, and delete available networks.

Clicking the Add button opens a window where you can specify the new item settings.

The selected item's settings are edited in a separate window.

Clicking the Delete button removes the selected items from the table.

This button is available if at least one item is selected in the table.


[Topic 210497_1]

Network connection window

In this window, you can configure the network connection that the Firewall Management component will monitor.

Network connection settings

Setting

Description

IP address

The field for entering the IP address of the network.

Network type

You can select the type of the network:

  • Public
  • Local
  • Trusted
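The following model ties together the Network packet rule window and the Available networks window: it evaluates a packet against an ordered rule table, resolves "All subnet addresses" through the network types assigned to available networks, and falls through to the component-wide Incoming connections and Incoming packets defaults. This is an added example, not Kaspersky's code. It assumes (the page does not state this) that rules are checked from the top of the table down and the first match decides, and that traffic matching no rule and no default is allowed; the sample networks, rules and packets are constructed.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumption (not stated on the page): rules are checked from the top of the table
# down and the first match decides; unmatched traffic falls through to the
# component-wide Incoming connections / Incoming packets defaults, else is allowed.

@dataclass
class Packet:
    proto: str                       # TCP, UDP, ICMP, ICMPv6, GRE, IGMP
    direction: str                   # "in" (arrives at this device) or "out"
    opened_by: str                   # "remote" or "local": side that opened the connection
    remote_ip: str
    local_ip: str
    remote_port: Optional[int] = None
    local_port: Optional[int] = None
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None

@dataclass
class Rule:
    """One row of the Network packet rules table; field names follow the rule window."""
    name: str
    action: str                                   # "Allow" or "Block"
    protocol: str = "Any"
    direction: str = "Incoming packets"
    remote: str = "Any address"                   # or "All subnet addresses" / "Specified address"
    remote_network_type: Optional[str] = None     # Public / Local / Trusted, for "All subnet addresses"
    remote_addresses: list = field(default_factory=list)   # CIDRs, for "Specified address"
    remote_ports: list = field(default_factory=list)       # ints or (low, high); empty = any port
    local: str = "Any address"
    local_addresses: list = field(default_factory=list)
    local_ports: list = field(default_factory=list)
    icmp_type: Optional[int] = None               # None = any type (Specify ICMP type cleared)
    icmp_code: Optional[int] = None               # None = any code (Specify ICMP code cleared)
    log_events: bool = False

def network_type(ip: str, networks: dict) -> Optional[str]:
    """Type of the most specific Available networks entry covering ip, or None."""
    addr, best = ip_address(ip), None
    for cidr, ntype in networks.items():
        net = ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, ntype)
    return best[1] if best else None

def _port_ok(port: Optional[int], spec: list) -> bool:
    ranges = [(p, p) if isinstance(p, int) else p for p in spec]
    return not spec or (port is not None and any(lo <= port <= hi for lo, hi in ranges))

def _direction_ok(rule_dir: str, pkt: Packet) -> bool:
    # "... packets" options judge each packet on its own; the others judge the
    # connection the packet belongs to, i.e. which side opened it.
    return {"Incoming packets": pkt.direction == "in",
            "Outgoing packets": pkt.direction == "out",
            "Incoming/Outgoing packets": True,
            "Incoming": pkt.opened_by == "remote",
            "Outgoing": pkt.opened_by == "local",
            "Incoming/Outgoing": True}[rule_dir]

def rule_matches(rule: Rule, pkt: Packet, networks: dict) -> bool:
    def in_any(ip, cidrs):
        return any(ip_address(ip) in ip_network(c) for c in cidrs)
    return all([
        rule.protocol in ("Any", pkt.proto),
        _direction_ok(rule.direction, pkt),
        rule.remote != "All subnet addresses" or network_type(pkt.remote_ip, networks) == rule.remote_network_type,
        rule.remote != "Specified address" or in_any(pkt.remote_ip, rule.remote_addresses),
        rule.local != "Specified address" or in_any(pkt.local_ip, rule.local_addresses),
        pkt.proto not in ("TCP", "UDP")
        or (_port_ok(pkt.remote_port, rule.remote_ports) and _port_ok(pkt.local_port, rule.local_ports)),
        pkt.proto not in ("ICMP", "ICMPv6") or rule.icmp_type is None
        or (pkt.icmp_type == rule.icmp_type and (rule.icmp_code is None or pkt.icmp_code == rule.icmp_code)),
    ])

def evaluate(pkt, rules, networks, incoming_connections="Allow", incoming_packets="Allow"):
    """Return (action, name of the deciding rule or None, whether the event is logged)."""
    for rule in rules:                  # table position is priority (Move up / Move down)
        if rule_matches(rule, pkt, networks):
            return rule.action, rule.name, rule.log_events
    if pkt.direction == "in" and incoming_packets == "Block":
        return "Block", None, False
    if pkt.opened_by == "remote" and incoming_connections == "Block":
        return "Block", None, False
    return "Allow", None, False

# Constructed sample configuration (not taken from the page).
NETWORKS = {"10.0.0.0/8": "Local", "192.168.1.0/24": "Trusted"}    # Available networks table
RULES = [
    Rule("SSH from trusted hosts", "Allow", protocol="TCP", direction="Incoming",
         remote="All subnet addresses", remote_network_type="Trusted", local_ports=[22], log_events=True),
    Rule("Drop ping requests", "Block", protocol="ICMP", direction="Incoming packets", icmp_type=8, icmp_code=0),
    Rule("Management HTTPS", "Allow", protocol="TCP", direction="Incoming",
         remote="Specified address", remote_addresses=["10.0.5.0/24"], local_ports=[8443]),
]

def decide(pkt: Packet, rules=RULES):
    """Evaluate pkt against the sample table with Incoming connections set to Block."""
    return evaluate(pkt, rules, NETWORKS, incoming_connections="Block", incoming_packets="Allow")
```

With this configuration an SSH connection from 192.168.1.10 (a Trusted network) is allowed and logged, the same connection from 10.0.5.7 (Local, not Trusted) matches no allowing rule and is blocked by the Incoming connections default, and an echo reply to a ping the device sent is allowed because it belongs to a connection the device opened. Swapping the order of a broad blocking rule and a narrower allowing rule flips the decision, which is why rule position in the table matters.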


[Topic 214875_1]