How to manually delete an entry from the Connections Table

Not that you really need to use this often, but it has saved my day once or twice a year. Great that SK103876 is available, but in a stressful situation calculating HEX numbers is the last thing you want to do, and then compiling a complex command out of it is even more challenging.

This one-liner actually gives you an opportunity to generate all fw tab kill commands in one file for a pair of given IP addresses. Tested on R80.10 GW but I'm fairly confident it would work in R77. 

IPA="x.x.x.x"; IPB="y.y.y.y"; IPAHEX=`printf '%02x' ${IPA//./ }`; IPBHEX=`printf '%02x' ${IPB//./ }`; grep "$IPAHEX" table | grep "$IPBHEX" | grep "^<0000000" | awk  '{print $1" "$2" "$3" "$4" "$5" "$6}'|sed 's/ //g'|sed 's/</fw tab -t connections -x -e /g'|sed 's/>//g'|sed 's/;//g' > listofall

You will need to dump all your current connections into a file called table first, of course. You may add this to the front of the above to make it a true one-liner, but I found it easier to do this in two steps as you have more control.

fw tab -t connections -u > table

And the result is in a file called listofall. Then you just execute those commands by copy-paste, for example, or chmod the file itself and run it.

Here's an example 

[Image: manually clear connections]

And of course, you can add port numbers if needed.

8 Replies
Admin

Bravo!

Collaborator

Nice.

0 Kudos
Contributor

Thank you very much for sharing this information. 

0 Kudos
Participant

Modified it a bit, it's still ugly but we don't have to do anything now, apart from providing the values for IPA & IPB.

#!/bin/bash

#Dump latest copy of connection table
fw tab -t connections -u > table

#Read input for IPA & IPB values
read -p "IPA: " IPAI
read -p "IPB: " IPBI

#The Decimal to Hex conversion takes place and generates the command file
IPA=${IPAI}; IPB=${IPBI}; IPAHEX=`printf '%02x' ${IPA//./ }`; IPBHEX=`printf '%02x' ${IPB//./ }`; grep "$IPAHEX" table | grep "$IPBHEX" | grep "^<0000000" | awk  '{print $1" "$2" "$3" "$4" "$5" "$6}'|sed 's/ //g'|sed 's/</fw tab -t connections -x -e /g'|sed 's/>//g'|sed 's/;//g' > listofall

#Execute commands generated in the file
/bin/bash listofall
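
A stricter take on the pipelines posted above, added here as an example and not written by anyone in this thread: it validates the two addresses, compares them only against the source and destination fields of each entry instead of grepping the whole line, and prints the commands without running them. The 6-tuple field layout and the sample dump lines are assumptions constructed for illustration, and `ip_to_hex`, `gen_kill_cmds` and `sample_dump` are hypothetical names.

```bash
#!/bin/bash
# Added example (not from the thread). Assumed tuple layout per entry:
# <direction, src IP, src port, dst IP, dst port, protocol; ...>

# Dotted-quad IPv4 -> 8 hex digits; rejects malformed input and leading
# zeros (printf would read "010" as octal).
ip_to_hex() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    printf '%02x%02x%02x%02x\n' "$1" "$2" "$3" "$4"
}

# Print one delete command per entry in dump file $3 whose src/dst fields
# are exactly the two addresses (either direction). Nothing is executed.
gen_kill_cmds() {
    a=$(ip_to_hex "$1") || { echo "bad address: $1" >&2; return 1; }
    b=$(ip_to_hex "$2") || { echo "bad address: $2" >&2; return 1; }
    awk -v a="$a" -v b="$b" '
        /^<0000000/ {
            key = $0
            sub(/[;>].*/, "", key)     # keep only the leading 6-tuple
            gsub(/[< ]/, "", key)      # drop "<" and spaces
            if (split(key, f, ",") != 6) next
            pair = f[2] "," f[4]       # concatenation forces string compare
            if (pair == (a "," b) || pair == (b "," a))
                print "fw tab -t connections -x -e " key
        }' "$3"
}

# Constructed sample of "fw tab -t connections -u" output, for offline testing.
sample_dump() {
    cat <<'EOF'
<00000000, 0a010105, 0000c350, c0a80a14, 000001bb, 00000006; 0001c001, 00044000, 0000000e; 3599/3600>
<00000001, c0a80a14, 000001bb, 0a010105, 0000c350, 00000006> -> <00000000, 0a010105, 0000c350, c0a80a14, 000001bb, 00000006> (00000805)
<00000000, 0a010107, 0000c352, c0a80a14, 000001bb, 00000006; 0a010105, 00044000, 0000000e; 3599/3600>
EOF
}

# Usage: fw tab -t connections -u > table
#        gen_kill_cmds 10.1.1.5 192.168.10.20 table > listofall   # review, then run
```

The third sample line contains both hex strings but belongs to a different source address; a whole-line grep would select it, while the field comparison skips it.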

Explorer

Hi,

Great post!

I tried to use this on the R80.20 version but it didn't work. Does anyone know if I have to change something in the script?

[Attached image: Captura.PNG]

Thanks a lot.

0 Kudos
Explorer

Great!!

Many thanks,

0 Kudos
Contributor

This really really saved the day for me today after SIP issues following a policy install (sk140112 "Traffic is dropped with error: "fw_handle_old_conn_recovery Reason: old packet rulebase drop"" for the Googlers). Thank you so much!
0 Kudos
Contributor

A wonderful post which saved us after changing a NAT rule to not NAT, but it kept NATting based on existing connections.

It was perfectly tested on R80.30

THANK you