
How can I temporarily disable the ThreatSTOP service

To temporarily disable the ThreatSTOP service, complete the following steps.

  1. Turn off the crontab jobs
  2. Remove the ThreatSTOP filter from the interfaces

Turn off the crontab jobs.

  1. Log in to your Vyatta via SSH or console and run:
    sudo crontab -e

    The output will look similar to

     

  2. Add a pound / hash sign (#) in front of the ipsetget.pl and logrotate entries to comment them out.

     

This will prevent the Vyatta from updating the rules and uploading logs to our system.
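
The same crontab edit as a repeatable filter, covering both the disable step above and the later re-enable step. This is an added example, not ThreatSTOP's own tooling; the function names, the sample crontab, and its paths and schedules are constructed for illustration.

```shell
#!/bin/sh
# Added example: filters for the ThreatSTOP crontab entries.
# Each function reads crontab text on stdin and writes the edited text on stdout.

# Comment out active ipsetget.pl / logrotate entries.
# Lines that are already comments are left alone, so a second run changes nothing.
ts_cron_disable() {
    awk '/^[ \t]*#/               { print; next }
         /ipsetget\.pl|logrotate/ { print "#" $0; next }
                                  { print }'
}

# Strip one leading "#" from commented ipsetget.pl / logrotate entries only.
ts_cron_enable() {
    awk '/^[ \t]*#/ && /ipsetget\.pl|logrotate/ { sub(/^[ \t]*#[ \t]?/, ""); print; next }
                                                 { print }'
}

# Count entries that are still active; 0 means updates and log uploads are off.
ts_cron_active_count() {
    awk '!/^[ \t]*#/ && /ipsetget\.pl|logrotate/ { n++ } END { print n + 0 }'
}

# Constructed sample crontab (paths and schedules are placeholders, not from the article).
SAMPLE='# m h dom mon dow command
15 */2 * * * /example/path/ipsetget.pl
0 3 * * * /usr/sbin/logrotate /example/path/threatstop.conf
30 1 * * * /example/path/unrelated-job.sh'

# Round trip on the sample: disable is idempotent and enable restores the original.
ts_cron_selftest() {
    off=$(printf '%s\n' "$SAMPLE" | ts_cron_disable)
    again=$(printf '%s\n' "$off" | ts_cron_disable)
    on=$(printf '%s\n' "$off" | ts_cron_enable)
    [ "$off" = "$again" ] && [ "$on" = "$SAMPLE" ]
}

ts_cron_selftest && echo "round trip ok"
```

On the device, the filters can be applied with `sudo crontab -l | ts_cron_disable | sudo crontab -`, and `sudo crontab -l | ts_cron_active_count` should then print 0.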

 

Remove the ThreatSTOP filter from the interfaces

  1. Find the interfaces that are protected with the ThreatSTOP service. To do so, issue the command:
    show firewall

    This brings up the list of firewall rules, the interfaces they are applied to, and their rule numbers. The example below has the ThreatSTOP rules with their default names, TSrtinrule, TSrtlocalrule, and TSrtoutrule, with the default rule numbers of 10-13 applied to interface eth0.

     

Using the above example, entering these commands will remove ThreatSTOP protection from your device:

configure
set firewall name TSrtinrule rule 10 disable
set firewall name TSrtinrule rule 11 disable
set firewall name TSrtinrule rule 12 disable
set firewall name TSrtinrule rule 13 disable
set firewall name TSrtlocalrule rule 10 disable
set firewall name TSrtlocalrule rule 11 disable
set firewall name TSrtlocalrule rule 12 disable
set firewall name TSrtlocalrule rule 13 disable
set firewall name TSrtoutrule rule 10 disable
set firewall name TSrtoutrule rule 11 disable
set firewall name TSrtoutrule rule 12 disable
set firewall name TSrtoutrule rule 13 disable
commit

Once changes have been made, it's suggested that you save the configuration by running the command:

save TSDeactivated

To turn the ThreatSTOP service back on, uncomment the crontab entries and, using the above example, delete the disable settings from the rules:

configure
delete firewall name TSrtinrule rule 10 disable
delete firewall name TSrtinrule rule 11 disable
delete firewall name TSrtinrule rule 12 disable
delete firewall name TSrtinrule rule 13 disable
delete firewall name TSrtlocalrule rule 10 disable
delete firewall name TSrtlocalrule rule 11 disable
delete firewall name TSrtlocalrule rule 12 disable
delete firewall name TSrtlocalrule rule 13 disable
delete firewall name TSrtoutrule rule 10 disable
delete firewall name TSrtoutrule rule 11 disable
delete firewall name TSrtoutrule rule 12 disable
delete firewall name TSrtoutrule rule 13 disable
commit
