
Add a "Passthru" policy to Vyos or Vyatta

Set up your device according to the ThreatSTOP docs to have your ThreatSTOP policy alongside your current policy (positioning the rules past your current policy): https://docs.threatstop.com/webauto_vyos.html 

 

Now that you have a working ThreatSTOP implementation, change the action on the ThreatSTOP firewall rules from blocking to allow.

 

  1. Run "tsadmin update" to make sure the policy is downloaded
  2. Ping bad.threatstop.com. It should not work, which indicates the blocking policy is working
  3. Run "show configuration" and scroll down until you find all 3 ThreatSTOP firewall rules. They should look like this
    1. Note the number of the rule
  4. Now go to "configure" mode
  5. Edit all three rules using the values you found earlier, changing the action to accept:

      1. Note: commands may differ slightly based on the version of Vyos or Vyatta you are using
  6. commit, save, exit
  7. Check the config again and make sure that each ThreatSTOP rule shows accept and that logging is enabled
  8. Ping bad.threatstop.com. The traffic should now be allowed
  9. "cd /var/log/user"
  10. "cat threatstop.log | tail"
    1. Your logs should show the bad.threatstop ping and look like this.
  11. Wait for the logs to upload to the admin portal!
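
The check in step 7 can be scripted. The function below is an added example, not ThreatSTOP's own tooling: it reads saved "show configuration" output and confirms that each rule number noted in step 3 has `action accept` and `log enable`. It assumes the brace layout `firewall { name ... { rule N {` with `log enable` (other VyOS versions may lay this out differently); the rule-set name `WAN_OUT`, the rule numbers and the sample config are constructed placeholders.

```shell
# check_passthru RULESET RULE... : reads "show configuration" output on stdin.
check_passthru() {
    ruleset=$1; shift
    awk -v ruleset="$ruleset" -v rules="$*" '
    BEGIN { n = split(rules, want, " "); for (i = 1; i <= n; i++) need[want[i]] = 1 }
    { line = $0; gsub(/^[ \t]+|[ \t\r]+$/, "", line) }
    line ~ /\{$/ {                      # a block opens: record where we are
        depth++
        if (depth == 1) infw = ($1 == "firewall")
        else if (depth == 2) inset = (infw && $1 == "name" && $2 == ruleset)
        else if (depth == 3) cur = (inset && $1 == "rule") ? $2 : ""
        next
    }
    line == "}" { depth--; next }
    depth == 3 && (cur in need) {       # settings directly under a listed rule
        if ($1 == "action") action[cur] = $2
        else if ($1 == "log") lg[cur] = $2
    }
    END {                               # exit 0 only if every rule passes
        for (i = 1; i <= n; i++) {
            r = want[i]
            a = (r in action) ? action[r] : "missing"
            l = (r in lg) ? lg[r] : "missing"
            if (a != "accept" || l != "enable") bad = 1
            printf "rule %s: action=%s log=%s\n", r, a, l
        }
        exit bad + 0
    }'
}

sample_config() {  # constructed sample; names, numbers, address are placeholders
    cat <<'EOF'
firewall {
    name WAN_OUT {
        rule 9001 {
            action accept
            destination {
                address 192.0.2.10
            }
            log enable
        }
        rule 9002 {
            action drop
            log enable
        }
    }
}
EOF
}
```

Run it as `check_passthru WAN_OUT 9001 9002 9003 < saved-config.txt`, substituting your own rule-set name and rule numbers; a non-zero exit status means at least one listed rule is still blocking, not logging, or not present.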