Set up your device according to the ThreatSTOP docs to have your ThreatSTOP policy alongside your current policy (positioning the rules past your current policy): https://docs.threatstop.com/webauto_vyos.html
Now that you have a working ThreatSTOP implementation, change the action of the ThreatSTOP firewall rules to allow.
- Do a "tsadmin update" to make sure the policy is downloaded
- Ping bad.threatstop.com; it should not work, indicating the blocking policy is working
- Do a "show configuration" and scroll down until you find all 3 ThreatSTOP firewall rules. They should look like this
- Note the number of each rule
- Now go to "configure" mode
- Edit all three rules using the values you found earlier, changing the action to accept:
- *Note: commands may differ slightly based on the version of VyOS or Vyatta you are using
- commit, save, exit
- Check the config again, make sure that each ThreatSTOP rule is showing accept, and logging is enabled
- Ping bad.threatstop.com; the traffic should now be allowed
- "cd /var/log/user"
- "cat threatstop.log | tail"
- Your logs should show the bad.threatstop ping and look like this.
- Wait for the logs to upload to the admin portal!
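
One way to script the "check the config again" step, as an added example that is not ThreatSTOP's code: it reads the output of `show configuration commands` and flags any listed rule that is not set to accept or has no logging. The rule-set name `WAN_IN`, the rule numbers and the sample lines are constructed placeholders; substitute the name and numbers you noted from your own configuration.

```shell
#!/bin/sh
# Added example, not ThreatSTOP's code. Checks "show configuration commands"
# output: each listed rule must have action accept and logging enabled.
# Assumes lines shaped like:  set firewall name WAN_IN rule 9000 action 'accept'
# A variant with an extra token before "name" or a bare "log" is also accepted.

# Constructed sample; WAN_IN and 9000-9002 are hypothetical placeholders.
SAMPLE_CFG="set firewall name WAN_IN rule 9000 action 'accept'
set firewall name WAN_IN rule 9000 log 'enable'
set firewall name WAN_IN rule 9001 action 'drop'
set firewall name WAN_IN rule 9001 log 'enable'
set firewall name WAN_IN rule 9002 action 'accept'"

# check_rules CONFIG_TEXT RULESET RULE_NUMBER...
# Prints one line per rule; returns 0 only if every rule is accept + logged.
check_rules() {
    cfg=$1; ruleset=$2; shift 2
    status=0
    for n in "$@"; do
        printf '%s\n' "$cfg" | awk -v rs="$ruleset" -v n="$n" -v q="'" '
            $1 == "set" && $2 == "firewall" {
                for (i = 3; i + 4 <= NF; i++) {
                    if ($i != "name" || $(i+1) != rs) continue
                    if ($(i+2) != "rule" || $(i+3) != n) continue
                    val = $(i+5); gsub(q, "", val)      # strip quoting
                    if ($(i+4) == "action") action = val
                    if ($(i+4) == "log") logging = (val == "" || val == "enable")
                }
            }
            END {
                ok = (action == "accept" && logging)
                printf "rule %s: action=%s log=%s %s\n", n,
                    (action == "" ? "missing" : action),
                    (logging ? "on" : "off"), (ok ? "OK" : "FIX")
                exit !ok
            }' || status=1
    done
    return "$status"
}

# Demo on the sample: 9001 is still dropping and 9002 has no logging.
check_rules "$SAMPLE_CFG" WAN_IN 9000 9001 9002 || echo "not in monitor mode yet"
```

A rule that accepts without logging is the case to watch for: traffic passes but nothing reaches threatstop.log, so nothing is uploaded to the portal.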