Como apagar uma entrada na tabela de conexões com ...

Edilson_Lyrio · ‎2020-10-08

Eu gostaria de compartilhar com todos uma melhoria no script para apagar um conexão na tabela automaticamente.

A ideia do ajuste veio a partir do post abaixo.

Créditos para o post Original:https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/How-to-manually-delete-an-entry-f...
O script coleta e converte os ips específicos e faz a limpeza na tabela de conexão, pode ser utilizado em todas as versões R80.X

(esse post foi criado também no CheckMates em Inglês)

- Crie um arquivo com o conteúdo abaixo (ex:del_conn.sh)

#!/bin/bash

logfile="$0.log"

help() {
echo -e "Drop connection from table\n"
echo -e "Usage: "
echo -e "\t $0 <Source> <Destination>"
echo -e "e.g."
echo -e "\t $0 10.10.10.10 20.20.20.20"
echo -e ""
}

main() {
if [[ $# -ne 2 ]]; then
help
exit
fi
IPA=$1
IPB=$2

echo "Are you sure to delete connections on IP $1 and $2? [y/N]"
read confirm2
if [ "$confirm2" != "y" -a "$confirm2" != "Y" ]
then
echo "Aborted by user!!!!"
exit
fi

IPAHEX=`printf '%02x' ${IPA//./ }`;
IPBHEX=`printf '%02x' ${IPB//./ }`;

echo "Parameters: Source: $IPA ($IPAHEX) | Destination: $IPB ($IPBHEX)"

OIFS=IFS
IFS=$'\n'
count=0
echo "Querying table connection"
for li in `fw tab -t connections -u | grep "$IPAHEX" | grep "$IPBHEX" | grep "^<0000000"`; do
count=$((count+1))
echo "Record match: $li"
for cmd in `echo "$li" | awk '{print $1" "$2" "$3" "$4" "$5" "$6}' |sed 's/ //g' |sed 's/<//g' |sed 's/>//g' |sed 's/;//g'`; do
echo "Running: fw tab -t connections -x -e $cmd"
eval "fw tab -t connections -x -e $cmd"
echo "Result: $?"
done
done
IFS=OIFS
echo "Founded: $count record(s)"
}

main $1 $2 | tee -a $logfile

-------------------

Ajuste o arquivo para execução:

- dos2unix del_conn.sh
- chmod +x del_conn.sh

- Teste script conforme o exemplo abaixo:
Usage:
./del_conn.sh <Source> <Destination>
e.g.
./del_conn.sh 10.10.10.10 20.20.20.20

[Expert@FW2_R8040:0]# ./del_conn.sh 10.10.10.125 8.8.8.8
Are you sure to delete connections on IP 10.10.10.125 and 8.8.8.8? [y/N]
y
Parameters: Source: 10.10.10.125 (0a0a0a7d) | Destination: 8.8.8.8 (08080808)
Querying table connection
Record match: <00000001, 08080808, 00000000, 0a0a0a7d, 00005871, 00000001> -> <00000000, 0a0a0a7d, 00005871, 08080808, 00000000, 00000001> (00000805)
Running: fw tab -t connections -x -e 00000001,08080808,00000000,0a0a0a7d,00005871,00000001
Entry <00000001, 08080808, 00000000, 0a0a0a7d, 00005871, 00000001>
deleted from table connections
Result: 0
Record match: <00000001, 0a0a0a7d, 00005871, 08080808, 00000000, 00000001> -> <00000000, 0a0a0a7d, 00005871, 08080808, 00000000, 00000001> (00000802)
Running: fw tab -t connections -x -e 00000001,0a0a0a7d,00005871,08080808,00000000,00000001
<00000001, 0a0a0a7d, 00005871, 08080808, 00000000, 00000001> not found in table connections
Result: 0
Record match: <00000000, 0a0a0a7d, 00005871, 08080808, 00000000, 00000001; 00010001, 40006080, 00000000, 00000176, 00000000, 5f7f12a1, 00000000, c9b5574b, e911ea8e, 00000002, 00000002, 00000001, 00000001, 00000000, 00000000, 80000080, 00000000, 00000000, 956bc748, 00007f91, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, df1f9800, 00000000, 00000000, 00000000, 00000000, 00000000; 7/30>
Running: fw tab -t connections -x -e 00000000,0a0a0a7d,00005871,08080808,00000000,00000001
<00000000, 0a0a0a7d, 00005871, 08080808, 00000000, 00000001> not found in table connections
Result: 0
Record match: <00000000, 08080808, 00000000, c0a80284, 0000a989, 00000001> -> <00000000, 0a0a0a7d, 00005871, 08080808, 00000000, 00000001> (00000806)
Running: fw tab -t connections -x -e 00000000,08080808,00000000,c0a80284,0000a989,00000001
<00000000, 08080808, 00000000, c0a80284, 0000a989, 00000001> not found in table connections
Result: 0
Founded: 4 record(s)
[Expert@FW2_R8040:0]#

Como apagar uma entrada na tabela de conexões com ips específicos no Checkpoint