Not that you really need to use this often, but it has saved my day once or twice a year. The great SK103876 is available, but in a stressful situation calculating HEX numbers is the last thing you want to do, and then compiling a complex command out of it is even more challenging.
This one-liner actually gives you an opportunity to generate all fw tab kill commands in one file for a pair of given IP addresses. Tested on R80.10 GW, but I'm fairly confident it would work in R77.
IPA="x.x.x.x"; IPB="y.y.y.y"; IPAHEX=`printf '%02x' ${IPA//./ }`; IPBHEX=`printf '%02x' ${IPB//./ }`; grep "$IPAHEX" table | grep "$IPBHEX" | grep "^<0000000" | awk '{print $1" "$2" "$3" "$4" "$5" "$6}'|sed 's/ //g'|sed 's/</fw tab -t connections -x -e /g'|sed 's/>//g'|sed 's/;//g' > listofall
You will need to dump all your current connections into a file called table first, of course. You may add this to the front of the above to make it a true one-liner, but I found it easier to do this in two steps as you have more control.
fw tab -t connections -u > table
And the result is in a file called listofall. Then you just execute those commands, by copy-paste for example, or chmod the file itself and run it.
Here's an example
And of course, you can add port numbers if needed
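The same pipeline as above, split into two functions and run against a constructed sample of the connections table so the hex conversion and the generated kill commands can be checked offline. This is an added example, not the original poster's script; the sample dump lines and the IP addresses are made up, and on a real gateway the input would come from "fw tab -t connections -u".

```bash
#!/bin/bash
# Added example (not from the original post). Builds "fw tab -t connections -x -e"
# kill commands for every connection between two IPv4 addresses found in a dump
# of the connections table.

# Convert a dotted-quad IPv4 address to the 8-hex-digit form used in the table,
# e.g. 192.168.1.1 -> c0a80101. printf reuses the '%02x' format for each octet.
ip_to_hex() {
    # shellcheck disable=SC2046
    printf '%02x' $(echo "$1" | tr '.' ' ')
}

# Read a connections-table dump on stdin and print one kill command per entry
# that contains both addresses. Only lines starting with "<0000000" (the
# connection entries themselves, not the link entries) are considered, and the
# first six fields (direction, src, sport, dst, dport, proto) form the key.
gen_kill_cmds() {
    local a_hex b_hex
    a_hex=$(ip_to_hex "$1")
    b_hex=$(ip_to_hex "$2")
    grep "^<0000000" | grep "$a_hex" | grep "$b_hex" \
        | awk '{print $1 $2 $3 $4 $5 $6}' \
        | sed -e 's/</fw tab -t connections -x -e /' -e 's/[>;]//g'
}

# Constructed sample in the layout the pipeline expects (not a real dump):
# a TCP connection 192.168.1.1:50000 -> 192.168.2.1:80 (both directions) and an
# unrelated DNS entry to 192.168.10.10 that must not be matched.
SAMPLE_TABLE='<00000000, c0a80101, 0000c350, c0a80201, 00000050, 00000006; ...>
<00000000, c0a80101, 0000c351, c0a80a0a, 00000035, 00000011; ...>
<00000001, c0a80201, 00000050, c0a80101, 0000c350, 00000006; ...>'

# With two addresses on the command line, read the dump from the file "table";
# otherwise run against the constructed sample.
if [ $# -eq 2 ]; then
    gen_kill_cmds "$1" "$2" < table
else
    printf '%s\n' "$SAMPLE_TABLE" | gen_kill_cmds 192.168.1.1 192.168.2.1
fi
```

Redirect the output to a file and run it, or review the two generated lines first before deleting anything from a live table.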
Bravo!
Nice.
Thank you very much for sharing this information.
Modified it a bit; it's still ugly, but we don't have to do anything now apart from providing the values for IPA & IPB.
#!/bin/bash
# Dump latest copy of connection table
fw tab -t connections -u > table
# Read input for IPA & IPB values
read -p "IPA: " IPAI
read -p "IPB: " IPBI
# The decimal to hex conversion takes place and generates the command file
IPA=${IPAI}; IPB=${IPBI}; IPAHEX=`printf '%02x' ${IPA//./ }`; IPBHEX=`printf '%02x' ${IPB//./ }`; grep "$IPAHEX" table | grep "$IPBHEX" | grep "^<0000000" | awk '{print $1" "$2" "$3" "$4" "$5" "$6}'|sed 's/ //g'|sed 's/</fw tab -t connections -x -e /g'|sed 's/>//g'|sed 's/;//g' > listofall
# Execute commands generated in the file
/bin/bash listofall
Hi,
Great post!
I tried to use this on the R80.20 version but it didn't work. Does anyone know if I have to change something in the script?
Thanks a lot.
Great!!
Many thanks,
A wonderful post which saved us after changing a NAT rule to not NAT, while it kept NATing based on existing connections.
It was tested perfectly on R80.30.
THANK you