Iron

Penalty Box is not reboot safe

Hi

I want to enable the Penalty Box. I executed the following commands:

fwaccel dos config set --enable-monitor

fwaccel dos config set --enable-pbox

After this the pbox is enabled and does work:

fwaccel dos config get
rate limit: disabled (without policy)
pbox: enabled
blacklists: disabled
drop frags: disabled
drop opts: disabled
internal: disabled
monitor: enabled
log drops: enabled
log pbox: enabled
notif rate: 100 notifications/second
pbox rate: 500 packets/second
pbox tmo: 180 seconds

But after a reboot of the firewall the pbox is disabled again. What do I have to do to make this reboot safe? I cannot find it in the documentation.

3 Replies

Quoted from sk74520:

Important note:

Note that in order for this configuration to be persistent and survive a reboot, add the relevant 'sim erdos' commands at the bottom of the /etc/rc.d/rc.local shell script.

The above applies to R80.30 and older, for R80.40 this is quoted from sk112454:

Except for rate limiting policy rules, configuration changes made using the "fwaccel dos" command are *not* automatically saved. To make the changes permanent, IPv4 commands can be added to the following shell script on the security gateway:

$FWDIR/conf/fwaccel_dos_rate_on_install

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
Iron

Hi

Thanks for your answer. I have 80.30. I don't have the sim erdos commands. Does this also work with the new commands?

Should I add

fwaccel dos config set --enable-monitor

fwaccel dos config set --enable-pbox

to /etc/rc.d/rc.local ?

Regards

Admin

Applies for that as well.
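
The persistence step discussed in this thread, as an added example that is not part of any post above and is not Check Point code. The function names persist_cmds and check_dos_state are hypothetical; the two fwaccel commands and the fields of the `fwaccel dos config get` output come from the thread, and the file passed to persist_cmds is assumed to be whichever script the quoted SK names for the installed version.

```shell
#!/bin/sh
# Added example: keep the Penalty Box settings from the thread across reboots
# and verify them afterwards. Function names are hypothetical.

# The two commands the original poster ran.
PBOX_CMDS='fwaccel dos config set --enable-monitor
fwaccel dos config set --enable-pbox'

# persist_cmds FILE
# Append each command to FILE unless that exact line is already there,
# so running it again after an upgrade or a second time adds nothing.
persist_cmds() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    # If the file does not end in a newline, add one first so the new
    # command is not glued onto the last existing line.
    if [ -n "$(tail -c1 "$file")" ]; then
        printf '\n' >> "$file"
    fi
    printf '%s\n' "$PBOX_CMDS" | while IFS= read -r cmd; do
        grep -qxF -e "$cmd" "$file" || printf '%s\n' "$cmd" >> "$file"
    done
}

# check_dos_state
# Reads `fwaccel dos config get` output on stdin. Returns 0 only when the
# "pbox" and "monitor" fields are both "enabled". Matching the whole field
# name keeps "log pbox", "pbox rate" and "pbox tmo" from being mistaken
# for the pbox switch itself.
check_dos_state() {
    awk -F': *' '
        $1 == "pbox"    { pbox = $2 }
        $1 == "monitor" { mon  = $2 }
        END { exit !(pbox == "enabled" && mon == "enabled") }'
}

# Typical use on the gateway (assumed paths, per the SK text quoted above):
#   persist_cmds /etc/rc.d/rc.local        # R80.30 and older
#   fwaccel dos config get | check_dos_state || echo "pbox not active" >&2
```

Running the check_dos_state pipeline after the next reboot confirms that the setting actually survived.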