There is something I didn’t include in the previous post fw monitor command reference about fw monitor as I think it is rather optional and you can do well without it . I talk about tables in defining filter expressions. INSPECT – proprietary scripting language by the Checkpoint on which filtering expressions are based allows creating tables.
I won’t delve into INSPECT syntax (for today) but will list the following examples you can easily modify to suit your needs.
I won’t delve into INSPECT syntax (for today) but will list the following examples you can easily modify to suit your needs.
Legend:
{} – delimit the table
<,> – specify range of values inside (e.g. <22,25> means from 22 up to 25 inclusive)
ifid – interface identifier
#fw monitor -e “bad_ports = static {22,25,443}; accept dport in bad_ports;” packets with destination port being equal to 22,25 or 443
#fw monitor -e ” bad_ports = static {<22,25>} ; accept dport in bad_ports;” packets with destination ports being equal to 22,23,24 or 25
# fw monitor -e ” bad_ports = static {<22,25>,<80,443>} ; accept dport in bad_ports;” packets with destination ports being in ranges 22-25 or 80-443
#fw monitor -e “bad_nets = static {<194.1.0.0,194.1.255.255>} ;accept src in bad_nets;” packets originated in range of networks 194.1.0.0 – 194.1.255.255
#fw ctl iflist Here I see what are the index values of each interface card
0 : Internal
1 : External
#fw monitor -e “bad_nets = static {<194.1.0.0,194.1.255.255>} ;accept src in bad_nets and ifid=0;” packets originated in range of networks 194.1.0.0 – 194.1.255.255 and captured on interface eth3 only
#fw monitor -e ” bad_ports = static {<22,25>} ; accept dport in bad_ports;” packets with destination ports being equal to 22,23,24 or 25
# fw monitor -e ” bad_ports = static {<22,25>,<80,443>} ; accept dport in bad_ports;” packets with destination ports being in ranges 22-25 or 80-443
#fw monitor -e “bad_nets = static {<194.1.0.0,194.1.255.255>} ;accept src in bad_nets;” packets originated in range of networks 194.1.0.0 – 194.1.255.255
#fw ctl iflist Here I see what are the index values of each interface card
0 : Internal
1 : External
#fw monitor -e “bad_nets = static {<194.1.0.0,194.1.255.255>} ;accept src in bad_nets and ifid=0;” packets originated in range of networks 194.1.0.0 – 194.1.255.255 and captured on interface eth3 only
Post a Comment