
'fw ctl conntab -x' issue in R81.10

 

From R81 it is possible to delete all sessions matching the filter with the command "fw ctl conntab -x ".

Unfortunately, this does not work for the "rule" filter. Here the complete connection table is deleted 😞

For example:

fw ctl conntab -x -rule=3

Tested with R81.10.

---

fw ctl conntab -h


Usage:
-h/-help # Display this help menu
-x # Delete the selected entries (without this flag, entries are only printed)
-sport # Filter by source port or source port range
-dport # Filter by destination port or detination port range
-proto # Filter by IP protocol or IP protocol range
-sip # Filter by source IP or source IP range
-dip # Filter by destination IP or detination IP range
-rule # Filter by rule or rule range
-service # Filter by service
-type # Filter by type bitmask
-flags # Filter by flags bitmask
-state # Filter by TCP state (SYN_SENT, SYN_ACK, ESTABLISHED, SRC_FIN, DST_FIN, BOTH_FIN)
Using multiple options will display only entries that match both criteria (x AND y)

Usage Examples:
* Display / Delete all port 80 connections in state BOTH_FIN:
fw ctl conntab [-x] -state=BOTH_FIN -dport=80
* Display / Delete all connections from 192.168.X.X:
fw ctl conntab [-x] -sip=192.168.0.0-192.168.255.255
* Display / Delete all old connections:
fw ctl conntab [-x] -flags=0x100/0x100

 


Any news in this case from Check Point?

Ilya_Yusupov
Employee

Hi @HeikoAnkenbrand ,

 

Can you share if you got any error message?

shais
Employee

Hi,
We are not aware of this issue and are unable to reproduce this in our setup.

Can you please open a ticket with support? This will allow us to get all the required info and do a remote session.
