Alain_Yamin
Participant

Can you update a "fw sam" entry instead of removing and readding it?

Hi Checkmates,

We use a custom script to temporarily block malicious IPs with a SAM rule. Currently, each time an operator needs to extend a blocked IP, he needs to remove the SAM rule and add it using the -t (timeout) argument.

Is there a way to update the SAM entry instead of having to remove and add it again?

This is done via the command line.

Thanks!

1 Reply
Matt_Ricketts
Employee

No. The only way to update the Expiration time is to remove it first. But since you are doing this via command line, you can remove it via CLI before adding it in again.

fw sam -s MgmtIP -C -l long_alert -J src IP2Block
fw sam -s MgmtIP -t 604800 -l long_alert -J src IP2Block

The -C before the SAM entry will remove it. The example above first removes an entry and then adds it in again. The timeout is not needed on the remove, but in my quick testing, it appears that the -l (log type) is.
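
The remove-then-re-add sequence from the reply above, wrapped as a shell function that validates the operator-supplied address and timeout before they reach `fw sam`. This is an added example, not part of the original thread or Check Point's tooling; `extend_sam_block`, `FW_BIN`, `SAM_SERVER` and `SAM_LOG` are assumed names, and `MgmtIP` is the placeholder used in the reply.

```shell
#!/bin/sh
# Added example: extend a SAM block by cancelling the entry and re-adding it.
# FW_BIN, SAM_SERVER and SAM_LOG are assumed names; FW_BIN=echo gives a dry run.
FW_BIN="${FW_BIN:-fw}"
SAM_SERVER="${SAM_SERVER:-MgmtIP}"   # placeholder from the reply
SAM_LOG="${SAM_LOG:-long_alert}"

# Accept only a dotted-quad IPv4 address, so a value such as "-C" or
# "1.2.3.4 -t 0" can never reach fw sam as an extra option.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    (   # subshell: IFS and positional parameters do not leak to the caller
        IFS=.
        set -- $1
        [ "$#" -eq 4 ] || exit 1
        for octet in "$@"; do
            case "$octet" in 0?*|????*) exit 1 ;; esac   # no leading zeros, max 3 digits
            [ "$octet" -le 255 ] || exit 1
        done
    )
}

# Timeout in seconds: positive integer, at most 9 digits.
valid_timeout() {
    case "$1" in
        ''|*[!0-9]*|0*|??????????*) return 1 ;;
    esac
}

# Usage: extend_sam_block 203.0.113.7 604800
extend_sam_block() {
    ip="$1"; timeout="$2"
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 2; }
    valid_timeout "$timeout" || { echo "invalid timeout: $timeout" >&2; return 2; }
    # Step 1: cancel the existing entry. -l is passed because the reply's
    # testing found the log type was needed on the remove.
    "$FW_BIN" sam -s "$SAM_SERVER" -C -l "$SAM_LOG" -J src "$ip" ||
        echo "cancel failed for $ip; adding anyway" >&2
    # Step 2: add it back with the new expiry.
    "$FW_BIN" sam -s "$SAM_SERVER" -t "$timeout" -l "$SAM_LOG" -J src "$ip"
}
```

The entry is absent between the cancel and the re-add, so the function issues the two commands back to back instead of leaving them as separate operator steps.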
