Create a Post
Showing results for 
Search instead for 
Did you mean: 

Penalty Box ist not reboot safe


I want to enable the penalty Box. i executed the follwing commands:

fwaccel dos config set --enable-monitor

fwaccel dos config set --enable-pbox

after this the pbox is enabled and does work:

fwaccel dos config get
rate limit: disabled (without policy)
pbox: enabled
blacklists: disabled
drop frags: disabled
drop opts: disabled
internal: disabled
monitor: enabled
log drops: enabled
log pbox: enabled
notif rate: 100 notifications/second
pbox rate: 500 packets/second
pbox tmo: 180 seconds

but after a reboot of the firewall the pbox is disabled again. what have i to do to make this reboot safe? i cannot find id in the documentation.  

0 Kudos
3 Replies
Legend Legend

Quoted from sk74520:

Important note:

Note that in order for this configuration to be persistent and survive a reboot, add the relevant 'sim erdos' commands at the bottom of the /etc/rc.d/rc.local shell script.

The above applies to R80.30 and older, for R80.40 this is quoted from sk112454:

Except for rate limiting policy rules, configuration changes made using the "fwaccel dos" command are *not* automatically saved. To make the changes permanent, IPv4 commands can be added to the following shell script on the security gateway:


Gateway Performance Optimization R81.20 Course
now available at
0 Kudos


Thank for your answer. i have 80.30. i dont have the sim erdos commands. does this also work with the new commands?

should i add 

fwaccel dos config set --enable-monitor

fwaccel dos config set --enable-pbox

to /etc/rc.d/rc.local ?


0 Kudos

Applies for that as well.


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events