topic Penalty Box ist not reboot safe in Firewall and Security Management

Penalty Box ist not reboot safe

David_T — Mon, 27 Apr 2020 17:56:19 GMT

I want to enable the penalty Box. i executed the follwing commands:

fwaccel dos config set --enable-monitor

fwaccel dos config set --enable-pbox

after this the pbox is enabled and does work:

fwaccel dos config get
rate limit: disabled (without policy)
pbox: enabled
blacklists: disabled
drop frags: disabled
drop opts: disabled
internal: disabled
monitor: enabled
log drops: enabled
log pbox: enabled
notif rate: 100 notifications/second
pbox rate: 500 packets/second
pbox tmo: 180 seconds

but after a reboot of the firewall the pbox is disabled again. what have i to do to make this reboot safe? i cannot find id in the documentation.

Re: Penalty Box ist not reboot safe

Timothy_Hall — Mon, 27 Apr 2020 20:54:15 GMT

Quoted from sk74520:

Important note:

Note that in order for this configuration to be persistent and survive a reboot, add the relevant 'sim erdos' commands at the bottom of the /etc/rc.d/rc.local shell script.

The above applies to R80.30 and older, for R80.40 this is quoted from sk112454:

Except for rate limiting policy rules, configuration changes made using the "fwaccel dos" command are *not* automatically saved. To make the changes permanent, IPv4 commands can be added to the following shell script on the security gateway:

$FWDIR/conf/fwaccel_dos_rate_on_install

Re: Penalty Box ist not reboot safe

David_T — Tue, 28 Apr 2020 06:12:18 GMT

Thank for your answer. i have 80.30. i dont have the sim erdos commands. does this also work with the new commands?

should i add

fwaccel dos config set --enable-monitor

fwaccel dos config set --enable-pbox

to /etc/rc.d/rc.local ?

regards

Re: Penalty Box ist not reboot safe

PhoneBoy — Tue, 28 Apr 2020 06:16:44 GMT

Applies for that as well.