HeikoAnkenbrand
Champion

'fw ctl conntab -x' issue in R81.10

From R81 it is possible to delete all sessions matching the filter with the command "fw ctl conntab -x".

Unfortunately, this does not work for the "rule" filter. Here the complete connection table is deleted 😞

For example:

fw ctl conntab -x -rule=3

Tested with R81.10.

---

fw ctl conntab -h


Usage:
-h/-help # Display this help menu
-x # Delete the selected entries (without this flag, entries are only printed)
-sport # Filter by source port or source port range
-dport # Filter by destination port or detination port range
-proto # Filter by IP protocol or IP protocol range
-sip # Filter by source IP or source IP range
-dip # Filter by destination IP or detination IP range
-rule # Filter by rule or rule range
-service # Filter by service
-type # Filter by type bitmask
-flags # Filter by flags bitmask
-state # Filter by TCP state (SYN_SENT, SYN_ACK, ESTABLISHED, SRC_FIN, DST_FIN, BOTH_FIN)
Using multiple options will display only entries that match both criteria (x AND y)

Usage Examples:
* Display / Delete all port 80 connections in state BOTH_FIN:
fw ctl conntab [-x] -state=BOTH_FIN -dport=80
* Display / Delete all connections from 192.168.X.X:
fw ctl conntab [-x] -sip=192.168.0.0-192.168.255.255
* Display / Delete all old connections:
fw ctl conntab [-x] -flags=0x100/0x100

➜ CCSM Elite, CCME, CCTE
6 Replies
HeikoAnkenbrand
Champion

Any news in this case from Check Point?

➜ CCSM Elite, CCME, CCTE
0 Kudos
Ilya_Yusupov
Employee

Hi @HeikoAnkenbrand,

Can you share if you got any error message?

0 Kudos
shais
Employee

Hi,
We are not aware of this issue and are unable to reproduce this in our setup.

Can you please open a ticket with support? This will allow us to get all the required info and do a remote session.

0 Kudos
G_W_Albrecht
Legend

Seems to be fixed in R81.20:

fw ctl conntab -x -rule=3

deletes only the rule 3 connections.

CCSE CCTE CCSM SMB Specialist
HeikoAnkenbrand
Champion

If you delete the connection in the connection table, it is still contained in the acceleration table and in the Dynamic Dispatcher table. Therefore, you may have some negative effects.

After deletion, they were still contained in the following tables:

fw ctl multik gconn -p    -> Dynamic Dispatcher table
fwaccel conns             -> Acceleration table

Personally, I would be very careful about deleting the connections.

---

Maybe Check Point's R&D can say something about this topic.

➜ CCSM Elite, CCME, CCTE
0 Kudos
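A pre-flight guard for the behaviour reported in this thread (the R81.10 rule filter flushing the whole table, and the caveat that the acceleration and Dynamic Dispatcher tables are left untouched), as an added shell example that is not from the original posts or from Check Point: it runs the same filter without -x first and refuses to delete when the filter matches nothing or matches every entry. It assumes that "fw ctl conntab" with no filter prints the whole table with one connection per line; CONNTAB_CMD is this script's own override and not a Check Point option.

```shell
#!/bin/sh
# Guard around "fw ctl conntab -x <filter>": query first, delete only when
# the filter actually narrows the table. Assumptions (not from the thread):
#  - "fw ctl conntab" with no filter prints the whole table;
#  - display mode prints one connection per line.
# CONNTAB_CMD is this script's own override (hypothetical), handy for dry
# runs or tests without a gateway; it is not a Check Point option.
CONNTAB_CMD="${CONNTAB_CMD:-fw ctl conntab}"

# Number of entries the tool prints for the given filter arguments.
conntab_count() {
    $CONNTAB_CMD "$@" | awk 'END { print NR }'
}

# Return 0 when deleting with this filter is reasonable, 1 otherwise.
# Refuses on an empty match and on a match equal to the full table,
# which is what the broken -rule filter in R81.10 looks like.
conntab_check_filter() {
    total=$(conntab_count)
    matched=$(conntab_count "$@")
    if [ "$matched" -eq 0 ]; then
        echo "refuse: filter '$*' matches no entries" >&2
        return 1
    fi
    if [ "$matched" -ge "$total" ]; then
        echo "refuse: filter '$*' matches all $total entries, no narrowing" >&2
        return 1
    fi
    echo "ok: filter '$*' matches $matched of $total entries" >&2
    return 0
}

# Print the entries that are about to be removed (so they can be kept for
# later comparison), then delete them. This only touches the connection
# table; "fwaccel conns" and "fw ctl multik gconn -p" still list them.
conntab_safe_delete() {
    conntab_check_filter "$@" || return 1
    $CONNTAB_CMD "$@"
    $CONNTAB_CMD -x "$@"
}
```

Run it as `conntab_safe_delete -rule=3`; after a successful delete, compare the printed entries against "fwaccel conns" to see what the accelerator still holds.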
G_W_Albrecht
Legend

Very true - but the rule filter works now...

CCSE CCTE CCSM SMB Specialist
0 Kudos