topic Como apagar uma entrada na tabela de conexões com ips específicos no Checkpoint in Português https://community.checkpoint.com/t5/Portugu%C3%AAs/Como-apagar-uma-entrada-na-tabela-de-conex%C3%B5es-com-ips/m-p/98558#M29 <P>Eu gostaria de compartilhar com todos uma <U>melhoria</U> no script para apagar um conexão na tabela automaticamente.</P><P>A ideia do ajuste veio a partir do post abaixo.</P><P>Créditos para o post Original:<A href="https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/How-to-manually-delete-an-entry-from-the-Connections-Table/m-p/13122" target="_blank" rel="noopener">https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/How-to-manually-delete-an-entry-from-the-Connections-Table/m-p/13122</A><BR />O script coleta e converte os ips específicos e faz a limpeza na tabela de conexão, pode ser utilizado em todas as versões R80.X</P><P>(esse post foi criado também no CheckMates em Inglês)</P><P><SPAN>- Crie um arquivo com o conteúdo abaixo (ex:del_conn.sh)</SPAN></P><DIV class="lia-message-body lia-component-message-view-widget-body lia-component-body-signature-highlight-escalation lia-component-message-view-widget-body-signature-highlight-escalation"><DIV class="lia-message-body-content"><P><STRONG>#!/bin/bash</STRONG></P><P>logfile="$0.log"</P><P>help() {<BR />echo -e "Drop connection from table\n"<BR />echo -e "Usage: "<BR />echo -e "\t $0 &lt;Source&gt; &lt;Destination&gt;"<BR />echo -e "e.g."<BR />echo -e "\t $0 10.10.10.10 20.20.20.20"<BR />echo -e ""<BR />}</P><P>main() {<BR />if [[ $# -ne 2 ]]; then<BR />help<BR />exit<BR />fi<BR />IPA=$1<BR />IPB=$2</P><P>echo "Are you sure to delete connections on IP $1 and $2? [y/N]"<BR />read confirm2<BR />if [ "$confirm2" != "y" -a "$confirm2" != "Y" ]<BR />then<BR />echo "Aborted by user!!!!"<BR />exit<BR />fi</P><P>IPAHEX=`printf '%02x' ${IPA//./ }`;<BR />IPBHEX=`printf '%02x' ${IPB//./ }`;</P><P>echo "Parameters: Source: $IPA ($IPAHEX) | Destination: $IPB ($IPBHEX)"</P><P>OIFS=IFS<BR />IFS=$'\n'<BR />count=0<BR />echo "Querying table connection"<BR />for li in `fw tab -t connections -u | grep "$IPAHEX" | grep "$IPBHEX" | grep "^&lt;0000000"`; do<BR />count=$((count+1))<BR />echo "Record match: $li"<BR />for cmd in `echo "$li" | awk '{print $1" "$2" "$3" "$4" "$5" "$6}' |sed 's/ //g' |sed 's/&lt;//g' |sed 's/&gt;//g' |sed 's/;//g'`; do<BR />echo "Running: fw tab -t connections -x -e $cmd"<BR />eval "fw tab -t connections -x -e $cmd"<BR />echo "Result: $?"<BR />done<BR />done<BR />IFS=OIFS<BR />echo "Founded: $count record(s)"<BR />}</P><P>main $1 $2 | tee -a $logfile</P><P>-------------------</P><P><U><STRONG>Ajuste o arquivo para execução:</STRONG></U></P><P><BR />- dos2unix del_conn.sh<BR />- chmod +x del_conn.sh</P><P>- Teste script conforme o exemplo abaixo:<BR /><STRONG>Usage:</STRONG><BR />./del_conn.sh &lt;Source&gt; &lt;Destination&gt;<BR />e.g.<BR />./del_conn.sh 10.10.10.10 20.20.20.20</P><P>[Expert@FW2_R8040:0]# ./del_conn.sh 10.10.10.125 8.8.8.8<BR />Are you sure to delete connections on IP 10.10.10.125 and 8.8.8.8? [y/N]<BR />y<BR />Parameters: Source: 10.10.10.125 (<STRONG>0a0a0a7d</STRONG>) | Destination: 8.8.8.8 (<STRONG>08080808</STRONG>)<BR />Querying table connection<BR />Record match: &lt;00000001, 08080808, 00000000, 0a0a0a7d, 00005871, 00000001&gt; -&gt; &lt;00000000, 0a0a0a7d, 00005871, 08080808, 00000000, 00000001&gt; (00000805)<BR />Running: fw tab -t connections -x -e 00000001,08080808,00000000,0a0a0a7d,00005871,00000001<BR />Entry &lt;00000001, 08080808, 00000000, 0a0a0a7d, 00005871, 00000001&gt;<BR />deleted from table connections<BR />Result: 0<BR />Record match: &lt;00000001, 0a0a0a7d, 00005871, 08080808, 00000000, 00000001&gt; -&gt; &lt;00000000, 0a0a0a7d, 00005871, 08080808, 00000000, 00000001&gt; (00000802)<BR />Running: fw tab -t connections -x -e 00000001,0a0a0a7d,00005871,08080808,00000000,00000001<BR />&lt;00000001, 0a0a0a7d, 00005871, 08080808, 00000000, 00000001&gt; not found in table connections<BR />Result: 0<BR />Record match: &lt;00000000, 0a0a0a7d, 00005871, 08080808, 00000000, 00000001; 00010001, 40006080, 00000000, 00000176, 00000000, 5f7f12a1, 00000000, c9b5574b, e911ea8e, 00000002, 00000002, 00000001, 00000001, 00000000, 00000000, 80000080, 00000000, 00000000, 956bc748, 00007f91, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, df1f9800, 00000000, 00000000, 00000000, 00000000, 00000000; 7/30&gt;<BR />Running: fw tab -t connections -x -e 00000000,0a0a0a7d,00005871,08080808,00000000,00000001<BR />&lt;00000000, 0a0a0a7d, 00005871, 08080808, 00000000, 00000001&gt; not found in table connections<BR />Result: 0<BR />Record match: &lt;00000000, 08080808, 00000000, c0a80284, 0000a989, 00000001&gt; -&gt; &lt;00000000, 0a0a0a7d, 00005871, 08080808, 00000000, 00000001&gt; (00000806)<BR />Running: fw tab -t connections -x -e 00000000,08080808,00000000,c0a80284,0000a989,00000001<BR />&lt;00000000, 08080808, 00000000, c0a80284, 0000a989, 00000001&gt; not found in table connections<BR />Result: 0<BR />Founded: 4 record(s)<BR />[Expert@FW2_R8040:0]#</P></DIV></DIV><DIV class="lia-panel lia-panel-standard MessageTagsTaplet Chrome lia-component-message-view-widget-tags"><DIV class="lia-decoration-border"><DIV class="lia-decoration-border-top"><DIV>** Estou anexando um arquivo já pronto.</DIV></DIV></DIV></DIV> Thu, 08 Oct 2020 14:19:59 GMT Edilson_Lyrio 2020-10-08T14:19:59Z Como apagar uma entrada na tabela de conexões com ips específicos no Checkpoint https://community.checkpoint.com/t5/Portugu%C3%AAs/Como-apagar-uma-entrada-na-tabela-de-conex%C3%B5es-com-ips/m-p/98558#M29 <P>Eu gostaria de compartilhar com todos uma <U>melhoria</U> no script para apagar um conexão na tabela automaticamente.</P><P>A ideia do ajuste veio a partir do post abaixo.</P><P>Créditos para o post Original:<A href="https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/How-to-manually-delete-an-entry-from-the-Connections-Table/m-p/13122" target="_blank" rel="noopener">https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/How-to-manually-delete-an-entry-from-the-Connections-Table/m-p/13122</A><BR />O script coleta e converte os ips específicos e faz a limpeza na tabela de conexão, pode ser utilizado em todas as versões R80.X</P><P>(esse post foi criado também no CheckMates em Inglês)</P><P><SPAN>- Crie um arquivo com o conteúdo abaixo (ex:del_conn.sh)</SPAN></P><DIV class="lia-message-body lia-component-message-view-widget-body lia-component-body-signature-highlight-escalation lia-component-message-view-widget-body-signature-highlight-escalation"><DIV class="lia-message-body-content"><P><STRONG>#!/bin/bash</STRONG></P><P>logfile="$0.log"</P><P>help() {<BR />echo -e "Drop connection from table\n"<BR />echo -e "Usage: "<BR />echo -e "\t $0 &lt;Source&gt; &lt;Destination&gt;"<BR />echo -e "e.g."<BR />echo -e "\t $0 10.10.10.10 20.20.20.20"<BR />echo -e ""<BR />}</P><P>main() {<BR />if [[ $# -ne 2 ]]; then<BR />help<BR />exit<BR />fi<BR />IPA=$1<BR />IPB=$2</P><P>echo "Are you sure to delete connections on IP $1 and $2? [y/N]"<BR />read confirm2<BR />if [ "$confirm2" != "y" -a "$confirm2" != "Y" ]<BR />then<BR />echo "Aborted by user!!!!"<BR />exit<BR />fi</P><P>IPAHEX=`printf '%02x' ${IPA//./ }`;<BR />IPBHEX=`printf '%02x' ${IPB//./ }`;</P><P>echo "Parameters: Source: $IPA ($IPAHEX) | Destination: $IPB ($IPBHEX)"</P><P>OIFS=IFS<BR />IFS=$'\n'<BR />count=0<BR />echo "Querying table connection"<BR />for li in `fw tab -t connections -u | grep "$IPAHEX" | grep "$IPBHEX" | grep "^&lt;0000000"`; do<BR />count=$((count+1))<BR />echo "Record match: $li"<BR />for cmd in `echo "$li" | awk '{print $1" "$2" "$3" "$4" "$5" "$6}' |sed 's/ //g' |sed 's/&lt;//g' |sed 's/&gt;//g' |sed 's/;//g'`; do<BR />echo "Running: fw tab -t connections -x -e $cmd"<BR />eval "fw tab -t connections -x -e $cmd"<BR />echo "Result: $?"<BR />done<BR />done<BR />IFS=OIFS<BR />echo "Founded: $count record(s)"<BR />}</P><P>main $1 $2 | tee -a $logfile</P><P>-------------------</P><P><U><STRONG>Ajuste o arquivo para execução:</STRONG></U></P><P><BR />- dos2unix del_conn.sh<BR />- chmod +x del_conn.sh</P><P>- Teste script conforme o exemplo abaixo:<BR /><STRONG>Usage:</STRONG><BR />./del_conn.sh &lt;Source&gt; &lt;Destination&gt;<BR />e.g.<BR />./del_conn.sh 10.10.10.10 20.20.20.20</P><P>[Expert@FW2_R8040:0]# ./del_conn.sh 10.10.10.125 8.8.8.8<BR />Are you sure to delete connections on IP 10.10.10.125 and 8.8.8.8? [y/N]<BR />y<BR />Parameters: Source: 10.10.10.125 (<STRONG>0a0a0a7d</STRONG>) | Destination: 8.8.8.8 (<STRONG>08080808</STRONG>)<BR />Querying table connection<BR />Record match: &lt;00000001, 08080808, 00000000, 0a0a0a7d, 00005871, 00000001&gt; -&gt; &lt;00000000, 0a0a0a7d, 00005871, 08080808, 00000000, 00000001&gt; (00000805)<BR />Running: fw tab -t connections -x -e 00000001,08080808,00000000,0a0a0a7d,00005871,00000001<BR />Entry &lt;00000001, 08080808, 00000000, 0a0a0a7d, 00005871, 00000001&gt;<BR />deleted from table connections<BR />Result: 0<BR />Record match: &lt;00000001, 0a0a0a7d, 00005871, 08080808, 00000000, 00000001&gt; -&gt; &lt;00000000, 0a0a0a7d, 00005871, 08080808, 00000000, 00000001&gt; (00000802)<BR />Running: fw tab -t connections -x -e 00000001,0a0a0a7d,00005871,08080808,00000000,00000001<BR />&lt;00000001, 0a0a0a7d, 00005871, 08080808, 00000000, 00000001&gt; not found in table connections<BR />Result: 0<BR />Record match: &lt;00000000, 0a0a0a7d, 00005871, 08080808, 00000000, 00000001; 00010001, 40006080, 00000000, 00000176, 00000000, 5f7f12a1, 00000000, c9b5574b, e911ea8e, 00000002, 00000002, 00000001, 00000001, 00000000, 00000000, 80000080, 00000000, 00000000, 956bc748, 00007f91, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, df1f9800, 00000000, 00000000, 00000000, 00000000, 00000000; 7/30&gt;<BR />Running: fw tab -t connections -x -e 00000000,0a0a0a7d,00005871,08080808,00000000,00000001<BR />&lt;00000000, 0a0a0a7d, 00005871, 08080808, 00000000, 00000001&gt; not found in table connections<BR />Result: 0<BR />Record match: &lt;00000000, 08080808, 00000000, c0a80284, 0000a989, 00000001&gt; -&gt; &lt;00000000, 0a0a0a7d, 00005871, 08080808, 00000000, 00000001&gt; (00000806)<BR />Running: fw tab -t connections -x -e 00000000,08080808,00000000,c0a80284,0000a989,00000001<BR />&lt;00000000, 08080808, 00000000, c0a80284, 0000a989, 00000001&gt; not found in table connections<BR />Result: 0<BR />Founded: 4 record(s)<BR />[Expert@FW2_R8040:0]#</P></DIV></DIV><DIV class="lia-panel lia-panel-standard MessageTagsTaplet Chrome lia-component-message-view-widget-tags"><DIV class="lia-decoration-border"><DIV class="lia-decoration-border-top"><DIV>** Estou anexando um arquivo já pronto.</DIV></DIV></DIV></DIV> Thu, 08 Oct 2020 14:19:59 GMT https://community.checkpoint.com/t5/Portugu%C3%AAs/Como-apagar-uma-entrada-na-tabela-de-conex%C3%B5es-com-ips/m-p/98558#M29 Edilson_Lyrio 2020-10-08T14:19:59Z Re: Como apagar uma entrada na tabela de conexões com ips específicos no Checkpoint https://community.checkpoint.com/t5/Portugu%C3%AAs/Como-apagar-uma-entrada-na-tabela-de-conex%C3%B5es-com-ips/m-p/121498#M38 <P>Obrigado Edilson!</P><P>&nbsp;</P> Thu, 17 Jun 2021 20:37:57 GMT https://community.checkpoint.com/t5/Portugu%C3%AAs/Como-apagar-uma-entrada-na-tabela-de-conex%C3%B5es-com-ips/m-p/121498#M38 Tierre_Amaral 2021-06-17T20:37:57Z