How to manually delete an entry from the Connectio...

Kaspars_Zibarts · ‎2017-11-20

Not that you really need to use this often but it has saved my day once or twice a year. Great SK103876 is available but in a stressful situation calculating HEX numbers is the last thing you want to do and then compiling a complex command out of it is even more challenging

This one-liner actually gives you an opportunity to generate all fw tab kill commands in one file for a pair of given IP addresses. Tested on R80.10 GW but I'm fairly confident it would work in R77.

IPA="x.x.x.x"; IPB="y.y.y.y"; IPAHEX=`printf '%02x' ${IPA//./ }`; IPBHEX=`printf '%02x' ${IPB//./ }`; grep "$IPAHEX" table | grep "$IPBHEX" | grep "^<0000000" | awk '{print $1" "$2" "$3" "$4" "$5" "$6}'|sed 's/ //g'|sed 's/</fw tab -t connections -x -e /g'|sed 's/>//g'|sed 's/;//g' > listofall

You will need to dump all your current connections into a file called table first of course. You may add this to front of the above to make it true one-liner.. But I found it easier to do this in two steps as you have more control

fw tab -t connections -u > table

And result is in file called listofall. Then you just execute those commands by copy-paste for example or chmod the file itself and run it.

Here's an example

And of course, you can add port numbers if needed

PhoneBoy · ‎2017-11-20

Bravo!

SCANSEC_EdesLC · ‎2018-01-04

Nice.

Simon_Garay · ‎2018-07-24

Thank you very much for sharing this information.

MKIT_NMG · ‎2018-11-28

Modified it a bit, it's still ugly but we don't have to do anything now, apart from providing the values for IPA & IPB

#!/bin/bash

#Dump latest copy of connection table
fw tab -t connections -u > table

#Read input for IPA & IPB values
read -p "IPA: " IPAI
read -p "IPB: " IPBI

#The Decimal to Hex conversion takes place and generates the command file
IPA=${IPAI}; IPB=${IPBI}; IPAHEX=`printf '%02x' ${IPA//./ }`; IPBHEX=`printf '%02x' ${IPB//./ }`; grep "$IPAHEX" table | grep "$IPBHEX" | grep "^<0000000" | awk '{print $1" "$2" "$3" "$4" "$5" "$6}'|sed 's/ //g'|sed 's/</fw tab -t connections -x -e /g'|sed 's/>//g'|sed 's/;//g' > listofall

#Execute commands generated in the file
/bin/bash listofall

taladrovs · ‎2019-04-22

Hi,

Great post!

I tried to use this on R80.20 version but it didn´t work. Can anyone knows if I have to change something in the script?

Thanks a lot.

Duc_Nguyen_Anh · ‎2019-06-09

Greate !!

Many thank,

Brandon_Cotter · ‎2020-01-31

This really really saved the day for me today after SIP issues following a policy install (sk140112 "Traffic is dropped with error: "fw_handle_old_conn_recovery Reason: old packet rulebase drop"" for the Googlers). Thank you so much!

_Daniel_ · ‎2020-07-20

A wonderful post which saved us after changing a NAT rule to not to NAT but kept natting based on existing connections.

It was perfectly tested on R80.30

THANK you

Andrew_Rawlinso

Hi @Kaspars_Zibarts how would you go about using this including port numbers? We have a need to reset some connections coming in from particular source ports but leaving the other connections in place.

Kaspars_Zibarts

You can try this, seems to do the trick, I have highlighted the changed sections

IPA="x.x.x.x"; IPB="y.y.y.y"; SPORT="zzz"; DPORT="zzz"; SPORTHEX=`printf '%08x' ${SPORT}`; DPORTHEX=`printf '%08x' ${DPORT}`; IPAHEX=`printf '%02x' ${IPA//./ }`; IPBHEX=`printf '%02x' ${IPB//./ }`; grep "$IPAHEX" table | grep "$IPBHEX" | grep "$SPORTHEX" | grep "$DPORTHEX" | grep "^<0000000" | awk '{print $1" "$2" "$3" "$4" "$5" "$6}' |sed 's/ //g'|sed 's/</fw tab -t connections -x -e /g'|sed 's/>//g'|sed 's/;//g' > listofall

Andrew_Rawlinso

Thank you for your quick response - we will give this a try. Really appreciate the help.

How to manually delete an entry from the Connections Table