Linux-UNIX: Firewall parameters
These parameters affect the behavior of the S-TAP with respect to the firewall.
These parameters are stored in the [TAP] section of the S-TAP properties file.
GUI | GIM | guard_tap.ini | Default value | Description |
---|---|---|---|---|
Firewall installed | STAP_FIREWALL_INSTALLED | firewall_installed | 0 | Firewall feature enabled. Valid values: Note: firewall_installed and qrw_installed cannot be enabled at the same time. If qrw_installed is set to 1, then firewall_installed is disabled. |
Firewall timeout | STAP_FIREWALL_TIMEOUT | firewall_timeout | 2 | Time to wait for a verdict from the Guardium® system. If the firewall times out, the value of the parameter firewall_fail_close determines whether to block or allow the connection. Valid values: -1 to -999, 1 to 10. Negative values represent milliseconds and positive values represent seconds. For example, -50 is 50 milliseconds while 3 is 3 seconds. |
Firewall fail close | STAP_FIREWALL_FAIL_CLOSE | firewall_fail_close | 0 | The action to take when the verdict cannot be set by the policy rules, for example when the Firewall timeout expires. Valid values: |
Firewall default state | STAP_FIREWALL_DEFAULT_STATE | firewall_default_state | 0 | Sets the firewall activation trigger. Must be 0 if qrw_default_state=1 or 2. Valid values: |
Firewall force watch | STAP_FIREWALL_FORCE_WATCH | firewall_force_watch | NULL | When firewall_default_state=0 (off), then firewall_force_watch specifies the network/mask of the IPs you want the firewall to watch, overriding the default (off). Valid value: comma-separated list of IP/mask values. |
Firewall force unwatch | STAP_FIREWALL_FORCE_UNWATCH | firewall_force_unwatch | NULL | When firewall_default_state=1 (on), then firewall_force_unwatch specifies the network/mask of the IPs you want the firewall to ignore, overriding the default (on). Valid value: comma-separated list of IP/mask values. |
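
The constraints in the table above can be checked before an edited guard_tap.ini is deployed. The following is an added example, not part of the product or its documentation; the function names and the sample [TAP] section are constructed, and accepting both dotted netmasks and prefix lengths for IP/mask entries is an assumption of this checker.

```python
import configparser
import ipaddress
# Constructed sample [TAP] section, not taken from a real system.
SAMPLE = """[TAP]
firewall_installed=1
qrw_installed=1
firewall_timeout=-50
firewall_default_state=1
firewall_force_watch=10.10.9.0/255.255.255.0
"""

def timeout_ms(value):
    """Convert firewall_timeout to milliseconds (negative = ms, positive = s)."""
    n = int(value)
    if -999 <= n <= -1:
        return -n
    if 1 <= n <= 10:
        return n * 1000
    raise ValueError(f"firewall_timeout={n} is outside -1..-999 and 1..10")

def parse_nets(value):
    """Parse a comma-separated IP/mask list; NULL or empty means unset."""
    if value.strip() in ("", "NULL"):
        return []
    return [ipaddress.ip_network(v.strip(), strict=False) for v in value.split(",")]

def check_tap(ini_text):
    """Return findings for the firewall parameters of the [TAP] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)
    tap, findings = cp["TAP"], []
    if tap.get("firewall_installed", "0") == "1" and tap.get("qrw_installed", "0") == "1":
        findings.append("firewall_installed and qrw_installed are both 1: firewall is disabled")
    state = tap.get("firewall_default_state", "0")
    if tap.get("qrw_default_state", "0") in ("1", "2") and state != "0":
        findings.append("firewall_default_state must be 0 when qrw_default_state is 1 or 2")
    try:
        timeout_ms(tap.get("firewall_timeout", "2"))
    except ValueError as exc:
        findings.append(str(exc))
    # force_watch applies with default state 0, force_unwatch with default state 1.
    for key, needed in (("firewall_force_watch", "0"), ("firewall_force_unwatch", "1")):
        try:
            nets = parse_nets(tap.get(key, "NULL"))
        except ValueError as exc:
            nets = []
            findings.append(f"{key}: {exc}")
        if nets and state != needed:
            findings.append(f"{key} applies when firewall_default_state={needed}, found {state}")
    return findings
```

Calling `check_tap(SAMPLE)` reports the firewall_installed/qrw_installed conflict and the firewall_force_watch entry that does not match the configured default state.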