Preventing Deep Security from disabling iptables

- Updated:
- 24 Nov 2016
- Product/Version:
- Deep Security 9.0
- Platform:
- Linux - Red Hat RHEL 5 32-bit
- Linux - Red Hat RHEL 5 64-bit
- Linux - Red Hat RHEL 6 32-bit
- Linux - Red Hat RHEL 6 64-bit

Summary

By default, the installed Deep Security Agent (DSA) disables the iptables.

Know the workaround to prevent DSA from disabling iptables, and allow DSA to support the iptables firewall.

Details

As a workaround:

Make sure you are running the following product builds or higher:
- DSA 8.0 build 2151
- DSA 9.0 build 2008
Run the following touch commands to leave the iptables rules intact and confirm that the use_dsa_with_iptables file exists.
[root@RedHat6 sysconfig]# touch /etc/use_dsa_with_iptables
[root@RedHat6 sysconfig]# cd /etc
[root@RedHat6 etc]# ls use_dsa_with_iptables
use_dsa_with_iptables

The DSA will no longer disable the iptables when the use_dsa_with_iptables file exists.

Rating:

Category:

Configure; Troubleshoot

Solution Id:

1098791

Feedback

Did this article help you?

Thank you for your feedback!

What was the problem with this article?

The image(s) in the article did not display properly.

The article did not provide detailed procedure.

The article is hard to understand and follow.

The video did not play properly.

The article did not resolve my issue.

Others. Please specify.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

Thanks for voting.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.