Re: Penalty Box ist not reboot safe

David_T · ‎2020-04-27

Hi

I want to enable the penalty Box. i executed the follwing commands:

fwaccel dos config set --enable-monitor

fwaccel dos config set --enable-pbox

after this the pbox is enabled and does work:

fwaccel dos config get
rate limit: disabled (without policy)
pbox: enabled
blacklists: disabled
drop frags: disabled
drop opts: disabled
internal: disabled
monitor: enabled
log drops: enabled
log pbox: enabled
notif rate: 100 notifications/second
pbox rate: 500 packets/second
pbox tmo: 180 seconds

but after a reboot of the firewall the pbox is disabled again. what have i to do to make this reboot safe? i cannot find id in the documentation.

Timothy_Hall · ‎2020-04-27

Quoted from sk74520:

Important note:

Note that in order for this configuration to be persistent and survive a reboot, add the relevant 'sim erdos' commands at the bottom of the /etc/rc.d/rc.local shell script.

The above applies to R80.30 and older, for R80.40 this is quoted from sk112454:

Except for rate limiting policy rules, configuration changes made using the "fwaccel dos" command are *not* automatically saved. To make the changes permanent, IPv4 commands can be added to the following shell script on the security gateway:

$FWDIR/conf/fwaccel_dos_rate_on_install

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com

David_T · ‎2020-04-27

Hi

Thank for your answer. i have 80.30. i dont have the sim erdos commands. does this also work with the new commands?

should i add

fwaccel dos config set --enable-monitor

fwaccel dos config set --enable-pbox

to /etc/rc.d/rc.local ?

regards

PhoneBoy · ‎2020-04-27

Applies for that as well.

Penalty Box ist not reboot safe

Cascading interface faiilure

Gateway as SSO Login using SAML or Kerberos

IKE IDs is smaller than Encryption Domain definiti...

ISP redundancy - traceroute/ping question..

OSPF Not Coming Up - Showing Auth Error

Are you a member of CheckMates?