Linux-Unix: Firewall parameters
These parameters affect the behavior of the S-TAP with respect to the firewall.
These parameters are stored in the [TAP] section of the S-TAP properties file.
CAUTION: These are advanced parameters and are usually modified by IBM Technical Support only.
GIM | guard_tap.ini | Default value | Description |
---|---|---|---|
STAP_FIREWALL_INSTALLED | firewall_installed | 0 | Firewall feature enabled. Valid values: |
STAP_FIREWALL_TIMEOUT | firewall_timeout | 2 | Time, in seconds, to wait for a verdict from the Guardium system. If the firewall times out, the firewall_fail_close value determines whether the connection is blocked or allowed. Any integer value is valid. |
STAP_FIREWALL_FAIL_CLOSE | firewall_fail_close | 0 | The action taken when the policy rules cannot set a verdict, for example when firewall_timeout expires. Valid values: |
STAP_FIREWALL_DEFAULT_STATE | firewall_default_state | 0 | Valid values: |
STAP_FIREWALL_FORCE_WATCH | firewall_force_watch | NULL | When firewall_default_state=0 (off), firewall_force_watch specifies the network/mask of the IPs you want the firewall to watch, overriding the default (off). Valid value: comma-separated list of IP/mask values. |
STAP_FIREWALL_FORCE_UNWATCH | firewall_force_unwatch | NULL | When firewall_default_state=1 (on), firewall_force_unwatch specifies the network/mask of the IPs you want the firewall to ignore, overriding the default (on). Valid value: comma-separated list of IP/mask values. |
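
The interaction between firewall_default_state and the two override lists can be checked offline before a change is rolled out. The following Python sketch is an added example, not IBM code and not part of the original page: it evaluates only those three parameters as the table describes them and ignores anything policy rules do at run time. It assumes the [TAP] section parses as key=value INI text and that masks may be dotted or prefix-length; the function names and sample addresses are constructed.

```python
import configparser
import ipaddress

# Constructed sample [TAP] section; the addresses are illustrative only.
SAMPLE_INI = """
[TAP]
firewall_installed=1
firewall_timeout=2
firewall_default_state=0
firewall_force_watch=10.10.0.0/255.255.0.0,192.168.5.20/255.255.255.255
firewall_force_unwatch=NULL
"""

def load_tap(ini_text):
    """Return the [TAP] section of a guard_tap.ini-style text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)
    return cp["TAP"]

def parse_nets(value):
    """Parse a comma-separated IP/mask list (NULL = none); ValueError on a bad entry."""
    if value is None or value.strip().upper() in ("", "NULL"):
        return []
    return [ipaddress.ip_network(item.strip(), strict=False)
            for item in value.split(",") if item.strip()]

def default_on(tap):
    return tap.get("firewall_default_state", "0").strip() == "1"

def watched_by_config(tap, client_ip):
    """Apply the default state, then the override list that goes with it."""
    ip = ipaddress.ip_address(client_ip)
    if default_on(tap):
        # Default on: firewall_force_unwatch names the networks to ignore.
        return not any(ip in n for n in parse_nets(tap.get("firewall_force_unwatch")))
    # Default off: firewall_force_watch names the networks to watch.
    return any(ip in n for n in parse_nets(tap.get("firewall_force_watch")))

def findings(tap):
    """Report an override list that is set for the opposite default state."""
    state = "1" if default_on(tap) else "0"
    other = "firewall_force_watch" if default_on(tap) else "firewall_force_unwatch"
    if parse_nets(tap.get(other)):
        return [f"{other} is set while firewall_default_state={state}"]
    return []

if __name__ == "__main__":
    tap = load_tap(SAMPLE_INI)
    for ip in ("10.10.3.4", "192.168.5.21"):
        print(ip, "watched" if watched_by_config(tap, ip) else "not watched")
```

A malformed list entry raises ValueError from parse_nets, which catches typos in an IP/mask value during review.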