Penalty Box ist not reboot safe

David_T · ‎2020-04-27

Hi

I want to enable the penalty Box. i executed the follwing commands:

fwaccel dos config set --enable-monitor

fwaccel dos config set --enable-pbox

after this the pbox is enabled and does work:

fwaccel dos config get
rate limit: disabled (without policy)
pbox: enabled
blacklists: disabled
drop frags: disabled
drop opts: disabled
internal: disabled
monitor: enabled
log drops: enabled
log pbox: enabled
notif rate: 100 notifications/second
pbox rate: 500 packets/second
pbox tmo: 180 seconds

but after a reboot of the firewall the pbox is disabled again. what have i to do to make this reboot safe? i cannot find id in the documentation.

Timothy_Hall · ‎2020-04-27

Quoted from sk74520:

Important note:

Note that in order for this configuration to be persistent and survive a reboot, add the relevant 'sim erdos' commands at the bottom of the /etc/rc.d/rc.local shell script.

The above applies to R80.30 and older, for R80.40 this is quoted from sk112454:

Except for rate limiting policy rules, configuration changes made using the "fwaccel dos" command are *not* automatically saved. To make the changes permanent, IPv4 commands can be added to the following shell script on the security gateway:

$FWDIR/conf/fwaccel_dos_rate_on_install

"Max Capture: Know Your Packets" Self-Guided Video Series
available at http://www.maxpowerfirewalls.com

David_T · ‎2020-04-27

Hi

Thank for your answer. i have 80.30. i dont have the sim erdos commands. does this also work with the new commands?

should i add

fwaccel dos config set --enable-monitor

fwaccel dos config set --enable-pbox

to /etc/rc.d/rc.local ?

regards

PhoneBoy · ‎2020-04-27

Applies for that as well.

Penalty Box ist not reboot safe

How to make vpn gateway have capability to foward ...

Basic application control question

Prohibit/Block Identity Agent traffic on connected...

Switch and bond configuration

Cluster hardware core count change - prestaging or...