To temporarily disable the ThreatSTOP service, complete the following steps.
Turn off the crontab jobs.
- Log into your Vyatta via ssh or console and run:
sudo crontab -e
The output will look similar to
- Add a pound / hash sign (#) in front of the ipsetget.pl and logrotate entries so they look like
This will prevent the Vyatta from updating the rules and uploading logs to our system.
Remove the ThreatSTOP filter from the interfaces
- Find the interfaces that are protected with the ThreatSTOP service. To do so, issue the command:
show firewall
This brings up the list of firewall rules, the interfaces they are applied to, and their rule numbers. The example below has the ThreatSTOP rules with their default names (TSrtinrule, TSrtlocalrule, TSrtoutrule) and the default rule numbers 10-13, applied to interface eth0.
Using the above example, entering these commands will remove ThreatSTOP protection from your device:
configure
set firewall name TSrtinrule rule 10 disable
set firewall name TSrtinrule rule 11 disable
set firewall name TSrtinrule rule 12 disable
set firewall name TSrtinrule rule 13 disable
set firewall name TSrtlocalrule rule 10 disable
set firewall name TSrtlocalrule rule 11 disable
set firewall name TSrtlocalrule rule 12 disable
set firewall name TSrtlocalrule rule 13 disable
set firewall name TSrtoutrule rule 10 disable
set firewall name TSrtoutrule rule 11 disable
set firewall name TSrtoutrule rule 12 disable
set firewall name TSrtoutrule rule 13 disable
commit
Once changes have been made, it's suggested that you save the configuration by running the command:
save TSDeactivated
To turn the ThreatSTOP service back on, uncomment the crontab entries and, using the above example, delete the disable settings from the rules:
configure
delete firewall name TSrtinrule rule 10 disable
delete firewall name TSrtinrule rule 11 disable
delete firewall name TSrtinrule rule 12 disable
delete firewall name TSrtinrule rule 13 disable
delete firewall name TSrtlocalrule rule 10 disable
delete firewall name TSrtlocalrule rule 11 disable
delete firewall name TSrtlocalrule rule 12 disable
delete firewall name TSrtlocalrule rule 13 disable
delete firewall name TSrtoutrule rule 10 disable
delete firewall name TSrtoutrule rule 11 disable
delete firewall name TSrtoutrule rule 12 disable
delete firewall name TSrtoutrule rule 13 disable
commit
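The crontab edit from the first step and its reversal can also be done as non-interactive filters, with a status check that shows whether the jobs were left commented out. This is an added example, not ThreatSTOP's own tooling; the sample crontab, its schedules and the /path/to/... paths are constructed, and only the job names ipsetget.pl and logrotate come from this page.

```shell
#!/bin/sh
# Added example: filters over crontab text (stdin -> stdout).
# Usage on the device (review the output before installing it):
#   sudo crontab -l | ts_cron_disable | sudo crontab -
#   sudo crontab -l | ts_cron_status
TS_JOBS='ipsetget[.]pl|logrotate'   # job names taken from the page

# Comment out active ThreatSTOP jobs. Lines already starting with '#'
# are skipped, so running it twice does not stack '##'.
ts_cron_disable() {
    sed -E "/^[[:space:]]*#/!{/(${TS_JOBS})/s/^/#/;}"
}

# Uncomment only commented lines that look like cron entries (a schedule
# field follows the '#'), so a descriptive comment that merely mentions
# logrotate stays a comment.
ts_cron_enable() {
    sed -E "/(${TS_JOBS})/s/^[[:space:]]*#+[[:space:]]*([0-9*@])/\\1/"
}

# Print enabled | disabled | mixed | absent for the ThreatSTOP jobs.
ts_cron_status() {
    awk -v pat="$TS_JOBS" '
        $0 !~ pat                  { next }
        /^[ \t]*#+[ \t]*[0-9*@]/   { off++; next }   # commented-out job
        /^[ \t]*#/                 { next }          # plain comment
                                   { on++ }          # active job
        END {
            if (on && off) print "mixed"
            else if (on)   print "enabled"
            else if (off)  print "disabled"
            else           print "absent"
        }'
}

# Constructed sample crontab; real schedules and paths will differ.
ts_sample_crontab() {
    cat <<'EOF'
# constructed sample for the example
# logrotate note: uploads logs to ThreatSTOP
15 */2 * * * /path/to/ipsetget.pl
#30 * * * * /usr/sbin/logrotate /path/to/logrotate.conf
0 3 * * * /path/to/unrelated-backup.sh
EOF
}
```

A status of "disabled" or "mixed" on a device that is supposed to be protected means the block lists are no longer being refreshed or logs are no longer being uploaded.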