Going through my collection of useful Check Point scripts, here is a version I wrote that validates its input and asks for confirmation before deleting anything.
#!/bin/bash
#
# Check Point Firewall Connection Killer
#
# Version 0.02
#
# Changelog
# v0.01
# First release
# v0.02
# Added valid_ip
#
#
# Based on the post at https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/How-to-manually-delete-an-entry-from-the-Connections-Table/td-p/13122
#
# It's crude and uses a temporary file instead of a stored array; it could do with a fair bit of improvement, BUT IT WORKS.
#
# Limited to IPs for now. The connection table format is described at https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk65133
# for whoever wants to narrow the match down to ports as well.
#
# Credits: Kaspars_Zibarts https://community.checkpoint.com/t5/user/viewprofilepage/user-id/11456
# MKIT_NMG https://community.checkpoint.com/t5/user/viewprofilepage/user-id/4907
# Mitch Frazier for valid_ip https://www.linuxjournal.com/content/validating-ip-address-bash-script
echo "Check Point Firewall Connection Killer"
# fns
# Print the VS-context reminder and the usage line.
# Output goes to stdout on purpose: -h/--help is a legitimate request for it.
# Globals: none. Arguments: none. Returns: 0.
display_usage() {
  printf '\nPlease ensure you are in the correct VS\n\nUsage:\ncpfck IP1 IP2\n\n'
}
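# Return 0 if $1 is a dotted-quad IPv4 address, 1 otherwise.
#
# Each octet must be "0" or 1-3 digits with no leading zero, and be <= 255.
# Leading zeros are rejected deliberately: bash's [[ -le ]] and printf both
# read "010" as octal 8, so the original accepted "10.0.0.010" and later
# encoded the last octet as 08 instead of 0a, i.e. matched the wrong
# connection. Refusing ambiguous input is the safe option for a tool that
# deletes firewall state.
#
# Arguments: $1 - candidate address string
# Globals:   none (the original clobbered OIFS/IFS; this version does not)
valid_ip() {
  local candidate=$1
  local octet
  local re='^(0|[1-9][0-9]{0,2})\.(0|[1-9][0-9]{0,2})\.(0|[1-9][0-9]{0,2})\.(0|[1-9][0-9]{0,2})$'

  [[ $candidate =~ $re ]] || return 1
  # BASH_REMATCH[1..4] are the four octets; no leading zeros, so decimal.
  for octet in "${BASH_REMATCH[@]:1}"; do
    (( octet <= 255 )) || return 1
  done
  return 0
}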
# usage
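# Help is checked first and against $1: the original compared $# (the
# argument count) with "--help"/"-h", which can never be true, and the
# count check ran before it, so "cpfck -h" printed usage with exit 1.
if [[ $1 == "--help" || $1 == "-h" ]]; then
  display_usage
  exit 0
fi
# Exactly two addresses are expected. Extra arguments used to be validated
# and then silently ignored, which hides a mis-typed command line; for a
# tool that deletes firewall state it is better to stop and ask.
if [[ $# -ne 2 ]]; then
  display_usage
  exit 1
fi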
#Read input for IPA & IPB values and test
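IPA=$1
IPB=$2
# Validate every argument so a typo is caught before anything touches the
# connection table. "$IP" is quoted so a stray glob or whitespace-bearing
# argument is not split into several words; printf is used instead of
# echo -e so backslash sequences inside the argument are not interpreted.
# Diagnostics go to stderr; usage stays on stdout as display_usage defines it.
for IP in "$@"; do
  if ! valid_ip "$IP"; then
    printf '\nBad IP: %s! Please correct and try again.\n' "$IP" >&2
    display_usage
    exit 1
  fi
done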
#The Decimal to Hex conversion
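# Encode a dotted-quad IPv4 address as the 8-hex-digit form used in the
# connection table (e.g. 192.168.1.10 -> c0a8010a).
# Each octet is forced to base 10 with 10#: a bare printf '%02x' reads a
# leading-zero octet such as "010" as octal (-> 08), which would match the
# wrong connection.
# Arguments: $1 - validated dotted-quad address. Outputs: hex string, no newline.
ip_to_hex() {
  local ip=$1
  local octet out hex=''
  local IFS=.
  for octet in $ip; do
    printf -v out '%02x' "$((10#$octet))"
    hex+=$out
  done
  printf '%s' "$hex"
}
IPAHEX=$(ip_to_hex "$IPA")
IPBHEX=$(ip_to_hex "$IPB")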
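# NOTE(review): $vsname is never assigned in this script; presumably it is
# inherited from the VSX shell environment - confirm, otherwise the message
# prints an empty VS name.
echo "Checking connection table for VS $vsname..."
echo

# Filter the connection table for entries that mention both addresses and
# reduce each one to the six comma-separated key fields that
# "fw tab -x -e" expects (format per sk65133, see header).
# Caveat: the greps are field-agnostic substring matches over the whole
# entry, so an address can also match a non-address field; the list printed
# below must be reviewed before confirming.
# The matches are written to a mktemp file (data only - it is never executed,
# unlike the old "listofall" script in the cwd) so that fw tab's own exit
# status is still available through PIPESTATUS.
matches=$(mktemp) || { echo "mktemp failed" >&2; exit 1; }
trap 'rm -f -- "$matches"' EXIT
fw tab -t connections -u \
  | grep -F -- "$IPAHEX" \
  | grep -F -- "$IPBHEX" \
  | grep '^<0000000' \
  | awk '{print $1 $2 $3 $4 $5 $6}' \
  | sed 's/[<>;]//g' > "$matches"
fw_rc=${PIPESTATUS[0]}
# Assumes fw tab returns non-zero when it cannot read the table - confirm.
if [[ $fw_rc -ne 0 ]]; then
  echo "fw tab -t connections failed (exit $fw_rc); are you in expert mode and in the correct VS?" >&2
  exit 1
fi

# Fail closed: only well-formed entries (six 8-hex-digit fields) are queued
# for deletion; anything else is reported and skipped rather than passed on.
entry_re='^[0-9a-fA-F]{8}(,[0-9a-fA-F]{8}){5}$'
entries=()
while IFS= read -r entry; do
  if [[ $entry =~ $entry_re ]]; then
    entries+=("$entry")
  else
    echo "skipping unexpected table line: $entry" >&2
  fi
done < "$matches"

if (( ${#entries[@]} == 0 )); then
  echo "No matching connections found in the connection table."
  exit 0
fi

echo -e "\nThe following connections were found in the connection table:"
echo
printf '%s\n' "${entries[@]}"
echo "do you wish to delete them?"
select yn in "Yes" "No"; do
  case $yn in
    Yes )
      echo
      echo "deleting connections..."
      failed=0
      # One fw tab call per entry, with the entry passed as an argument
      # instead of being spliced into generated shell code; a failed delete
      # is reported instead of being hidden behind a blanket success message.
      for entry in "${entries[@]}"; do
        if ! fw tab -t connections -x -e "$entry"; then
          echo "failed to delete $entry" >&2
          failed=$((failed + 1))
        fi
      done
      if (( failed == 0 )); then
        echo "the specified connections were deleted"
        exit 0
      fi
      echo "$failed of ${#entries[@]} deletions failed" >&2
      exit 1
      ;;
    No )
      echo "no connections were deleted"
      exit 0
      ;;
  esac
done
# Reached only on EOF at the prompt (e.g. Ctrl-D): treat as "No".
echo "no answer received; no connections were deleted"
exit 1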