Danny Jung

One-liner for Address Spoofing Troubleshooting

Discussion created by Danny Jung Champion on Jun 21, 2018
Hello CheckMates,


I created a One-liner (Bash) that provides a nice summary about each interface's calculated topology and address spoofing setting.

$FWDIR/state/local/FW1/local.set contains all required information regarding interfaces and their topology.

echo; egrep -B1 $'ifindex|:ipaddr|\(\x22<[0-9]|has_addr_info|:monitor_only|:external' $FWDIR/state/local/FW1/local.set | sed 's/[\x22\t()<>-]//g' | sed '$!N;s/\n:ipaddr6/ IPv6/;P;D' | sed '/IPv6/!s/://g' | sed 's/interface_topology/\tCalculated Interface Topology/g' | sed '0,/ifindex 0/{/ifindex 0/d;}' | sed '/ifindex 0/q' | sed '/spoof\|scan/d' | sed 's/has_addr_info true/\tAddress Spoofing Protection: Enabled/g' | sed 's/has_addr_info false/\tAddress Spoofing Protection: Disabled/g' | sed -e '/Prot/{n;d}' | sed '$!N;s/\nmonitor_only true/ (Detect Mode)/;P;D' | sed '$!N;s/\nmonitor_only false/ (Prevent Mode)/;P;D' | sed '$!N;s/\nexternal false/ - Internal Interface/;P;D' | sed '$!N;s/\nexternal true/ - External Interface/;P;D' | tac | sed '/ifindex 0/I,+2 d' | tac | sed '/ifindex/d' | sed 's/,/ -/g' | sed '$!N;s/\nipaddr/ >/;P;D' | sed '/ - /s/^ /\t/' | egrep -C 9999 --color=auto $'>|IPv6|External|Disabled|Detect'; echo

The One-liner is IPv4 and IPv6 compatible, works on clustered and single gateway environments, shows all interface types configured in your firewall object within SmartDashboard, colors specific words of the output for better notification of important settings, adds additional information regarding Address Spoofing setting and mode as well as the topology type of each interface and is of course completely integrated within our ccc script.


Thanks to Tim Hall's preliminary work in this thread.

Thanks to Norbert Bohusch for IPv6 support and testing.

Thanks to Heiko Ankenbrand for challenging me.
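
An added example, not part of the original post or the ccc script: the same local.set keys the one-liner matches (ifindex, ipaddr, has_addr_info, monitor_only, external) turned into a scriptable check that fails when any interface has Address Spoofing Protection disabled or in Detect mode. The function names and the sample input are hypothetical, and the block layout (interface name on the line before `:ifindex`, then `:key (value)` lines) is an assumption inferred from the one-liner's patterns; IPv6 addresses and topology ranges are not handled.

```bash
# Added example: per-interface anti-spoofing state from local.set-style text.
# ASSUMPTION: the interface name sits on the line directly before ":ifindex",
# and settings follow as ":key (value)" lines, as the one-liner's patterns imply.
# Constructed sample input, not copied from a real gateway.
sample_local_set() {
cat <<'EOF'
 : (eth0
  :ifindex (1)
  :ipaddr (203.0.113.1)
  :has_addr_info (true)
  :monitor_only (false)
  :external (true)
 : (eth1
  :ifindex (2)
  :ipaddr (10.1.1.1)
  :has_addr_info (true)
  :monitor_only (true)
  :external (false)
 : (eth2
  :ifindex (3)
  :ipaddr (192.168.50.1)
  :has_addr_info (false)
  :external (false)
EOF
}
# stdin: local.set text; stdout: "name ip role verdict", one line per interface.
spoof_audit() {
  awk '
    # val(): return the text between the first "(" and the closing ")".
    function val(s) { gsub(/^[^(]*\(|\).*$/, "", s); return s }
    # flush(): emit the interface collected so far, if any.
    function flush() {
      if (name == "") return
      verdict = (addr != "true") ? "DISABLED" : ((mon == "true") ? "DETECT" : "PREVENT")
      print name, ip, (ext == "true" ? "external" : "internal"), verdict
    }
    /:ifindex/       { flush(); name = prev; gsub(/[:( \t]/, "", name); ip = "-"; addr = mon = ext = "" }
    /:ipaddr \(/     { ip = val($0) }      # the "\(" keeps :ipaddr6 from matching
    /:has_addr_info/ { addr = val($0) }
    /:monitor_only/  { mon = val($0) }
    /:external/      { ext = val($0) }
    { prev = $0 }                          # remember the line before :ifindex
    END { flush() }
  '
}
# Prints only non-enforcing interfaces; exit status 1 if there are any.
spoof_findings() {
  spoof_audit | awk '$4 != "PREVENT" { print; bad = 1 } END { exit bad }'
}
sample_local_set | spoof_audit
```

On a gateway the input would be `spoof_findings < $FWDIR/state/local/FW1/local.set`, with the non-zero exit status usable in a scheduled check.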