Check Point fw monitor example

Command to capture the packets arriving from and leaving for the address 234.234.234.234, excluding Remote Desktop traffic (the parentheses around the two address tests are needed, since "and" binds tighter than "or" in the filter language):

fw monitor -e "accept (src=234.234.234.234 or dst=234.234.234.234) and not (sport=3389 or dport=3389);"

Command to trace a packet destined for 172.18.2.1 through the firewall:

fw monitor -p all -e 'accept dst=172.18.2.1;'
monitor: getting filter (from command line)
monitor: compiling
monitorfilter:
Compiled OK.
monitor: loading
Sep 12 16:21:47 TOTO[LOG_CRIT] kernel: FW-1: monitor filter loaded
in chain (16):
0: -7ffffff0 (97748194) (00000001) tcpt inbound (tcp_tun)
1: -7f800000 (96396be4) (ffffffff) IP Options Strip (ipopt_strip)
2: - 2000000 (97732e50) (00000001) vpn decrypt (vpn)
3: - 1fffff6 (96398494) (00000001) Stateless verifications (asm)
4: - 1fffff2 (9775b87c) (00000001) vpn tagging inbound (tagging)
5: - 1fffff0 (97732460) (00000001) vpn decrypt verify (vpn_ver)
6: - 1000000 (963d8594) (00000003) SecureXL conn sync (secxl_sync)
7: 0 (9632b838) (00000001) fw VM inbound (fw)
8: 1 (963a5510) (00000002) wire VM inbound (wire_vm)
9: 10 (9634c458) (00000001) fw accounting inbound (acct)
10: 2000000 (9773576c) (00000001) vpn policy inbound (vpn_pol)
11: 10000000 (963d8bdc) (00000003) SecureXL inbound (secxl)
12: 7f600000 (9638d104) (00000001) fw SCV inbound (scv)
13: 7f750000 (964c168c) (00000001) TCP streaming (in) (cpas)
14: 7f800000 (96396e84) (ffffffff) IP Options Restore (ipopt_res)
15: 7fb00000 (964a75cc) (00000001) HA Forwarding (ha_for)
out chain (14):
0: -7f800000 (96396be4) (ffffffff) IP Options Strip (ipopt_strip)
1: - 1ffffff (97731a1c) (00000001) vpn nat outbound (vpn_nat)
2: - 1fffff0 (964c1800) (00000001) TCP streaming (out) (cpas)
3: - 1ff0000 (9775b87c) (00000001) vpn tagging outbound (tagging)
4: - 1f00000 (96398494) (00000001) Stateless verifications (asm)
5: 0 (9632b838) (00000001) fw VM outbound (fw)
6: 1 (963a5510) (00000002) wire VM outbound (wire_vm)
7: 2000000 (97734e24) (00000001) vpn policy outbound (vpn_pol)
8: 10000000 (963d8bdc) (00000003) SecureXL outbound (secxl)
9: 20000000 (97733e84) (00000001) vpn encrypt (vpn)
10: 60000000 (97747ac4) (00000001) tcpt outbound (tcp_tun)
11: 7f000000 (9634c458) (00000001) fw accounting outbound (acct)
12: 7f700000 (964c1a40) (00000001) TCP streaming post VM (cpas)
13: 7f800000 (96396e84) (ffffffff) IP Options Restore (ipopt_res)
monitor: monitoring (control-C to stop)
eth2c0:i0 (tcpt inbound)[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=512 seq=39937
eth2c0:i1 (IP Options Strip)[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=512 seq=39937
eth2c0:i2 (vpn decrypt)[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=512 seq=39937
eth2c0:i3 (Stateless verifications)[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=512 seq=39937
eth2c0:i4 (vpn tagging inbound)[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=512 seq=39937
eth2c0:i5 (vpn decrypt verify)[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=512 seq=39937
eth2c0:i6 (SecureXL conn sync)[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=512 seq=39937
eth2c0:i7 (fw VM inbound )[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=512 seq=39937
eth2c0:I8 (wire VM inbound )[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=512 seq=39937
eth2c0:I9 (fw accounting inbound)[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=512 seq=39937
eth2c0:I10 (vpn policy inbound)[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=512 seq=39937
eth2c0:I11 (SecureXL inbound)[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=512 seq=39937
eth2c0:I12 (fw SCV inbound)[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=512 seq=39937
eth2c0:I13 (TCP streaming (in))[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=512 seq=39937
eth2c0:I14 (IP Options Restore)[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=512 seq=39937
eth2c0:I15 (HA Forwarding)[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=512 seq=39937
eth2c0:I16 (Chain End)[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=512 seq=39937
eth1c0:o0 (IP Options Strip)[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=512 seq=39937
eth1c0:o1 (vpn nat outbound)[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=512 seq=39937
eth1c0:o2 (TCP streaming (out))[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=512 seq=39937
eth1c0:o3 (vpn tagging outbound)[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=512 seq=39937
eth1c0:o4 (Stateless verifications)[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=512 seq=39937
eth1c0:o5 (fw VM outbound)[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=512 seq=39937
Packet after NAT (source address translated)
eth1c0:O6 (wire VM outbound )[60]: 172.19.1.1 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=10013 seq=39937
eth1c0:O7 (vpn policy outbound)[60]: 172.19.1.1 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=10013 seq=39937
eth1c0:O8 (SecureXL outbound)[60]: 172.19.1.1 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=10013 seq=39937
Packet encapsulated
eth1c0:O9 (vpn encrypt)[60]: 172.19.1.1 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=10013 seq=39937
Packet after encapsulation, captured with a second filter on its new destination:
TOTO[admin]# fw monitor -p all -e 'accept dst=195.6.6.6;'
monitor: getting filter (from command line)
monitor: compiling
monitorfilter:
Compiled OK.
monitor: loading
Sep 12 16:25:08 TOTO[LOG_CRIT] kernel: FW-1: monitor filter loaded
in chain (16):
0: -7ffffff0 (97748194) (00000001) tcpt inbound (tcp_tun)
1: -7f800000 (96396be4) (ffffffff) IP Options Strip (ipopt_strip)
2: - 2000000 (97732e50) (00000001) vpn decrypt (vpn)
3: - 1fffff6 (96398494) (00000001) Stateless verifications (asm)
4: - 1fffff2 (9775b87c) (00000001) vpn tagging inbound (tagging)
5: - 1fffff0 (97732460) (00000001) vpn decrypt verify (vpn_ver)
6: - 1000000 (963d8594) (00000003) SecureXL conn sync (secxl_sync)
7: 0 (9632b838) (00000001) fw VM inbound (fw)
8: 1 (963a5510) (00000002) wire VM inbound (wire_vm)
9: 10 (9634c458) (00000001) fw accounting inbound (acct)
10: 2000000 (9773576c) (00000001) vpn policy inbound (vpn_pol)
11: 10000000 (963d8bdc) (00000003) SecureXL inbound (secxl)
12: 7f600000 (9638d104) (00000001) fw SCV inbound (scv)
13: 7f750000 (964c168c) (00000001) TCP streaming (in) (cpas)
14: 7f800000 (96396e84) (ffffffff) IP Options Restore (ipopt_res)
15: 7fb00000 (964a75cc) (00000001) HA Forwarding (ha_for)
out chain (14):
0: -7f800000 (96396be4) (ffffffff) IP Options Strip (ipopt_strip)
1: - 1ffffff (97731a1c) (00000001) vpn nat outbound (vpn_nat)
2: - 1fffff0 (964c1800) (00000001) TCP streaming (out) (cpas)
3: - 1ff0000 (9775b87c) (00000001) vpn tagging outbound (tagging)
4: - 1f00000 (96398494) (00000001) Stateless verifications (asm)
5: 0 (9632b838) (00000001) fw VM outbound (fw)
6: 1 (963a5510) (00000002) wire VM outbound (wire_vm)
7: 2000000 (97734e24) (00000001) vpn policy outbound (vpn_pol)
8: 10000000 (963d8bdc) (00000003) SecureXL outbound (secxl)
9: 20000000 (97733e84) (00000001) vpn encrypt (vpn)
10: 60000000 (97747ac4) (00000001) tcpt outbound (tcp_tun)
11: 7f000000 (9634c458) (00000001) fw accounting outbound (acct)
12: 7f700000 (964c1a40) (00000001) TCP streaming post VM (cpas)
13: 7f800000 (96396e84) (ffffffff) IP Options Restore (ipopt_res)
monitor: monitoring (control-C to stop)
eth1c0:O10 (tcpt outbound)[112]: 210.1.1.1-> 195.6.6.6(50) len=112 id=50449
eth1c0:O11 (fw accounting outbound)[112]: 210.1.1.1 -> 195.6.6.6(50) len=112 id=50449
eth1c0:O12 (TCP streaming post VM)[112]: 210.1.1.1-> 195.6.6.6(50) len=112 id=50449
eth1c0:O13 (IP Options Restore)[112]: 210.1.1.1-> 195.6.6.6(50) len=112 id=50449
eth1c0:O14 (Chain End)[112]: 210.1.1.1-> 195.6.6.6(50) len=112 id=50449
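The two captures above show, by eye, where NAT rewrites the source address and the ICMP identifier (between o5 and O6) and where the VPN module turns the ICMP echo into an ESP packet (between O9 and O10). The script below is an added example, not part of the original page and not a Check Point tool: it parses the per-module lines fw monitor prints, records the inspection point of each hop (lowercase i/o before the firewall virtual machine, uppercase I/O after it), and reports the chain position at which the addresses, the protocol or the ICMP identifier change. The sample input is a constructed subset of the lines from the two captures; the "(50)" protocol label is IP protocol 50 (ESP). Everything else (class and function names, the "translation"/"encapsulation" labels) is this example's own choice.

```python
import re
import sys
from dataclasses import dataclass
from typing import List, Optional

# Inspection points in fw monitor output: a lowercase letter means the packet was
# seen before the firewall virtual machine (fw VM) on that chain, uppercase after it.
POINTS = {"i": "pre-inbound", "I": "post-inbound", "o": "pre-outbound", "O": "post-outbound"}

# Per-module line, e.g.
#   eth2c0:i0 (tcpt inbound)[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
#   eth1c0:O10 (tcpt outbound)[112]: 210.1.1.1-> 195.6.6.6(50) len=112 id=50449
# Module names may contain parentheses ("TCP streaming (in)"), so the name is
# matched non-greedily up to the ")[" that opens the captured-length field.
HOP_RE = re.compile(
    r"^(?P<iface>[^:\s]+):(?P<point>[iIoO])(?P<pos>\d+)\s+"
    r"\((?P<module>.*?)\)\[(?P<cap>\d+)\]:\s*"
    r"(?P<src>[\d.]+)\s*->\s*(?P<dst>[\d.]+)\s*"
    r"(?:\((?P<proto>[^)]+)\))?\s*len=(?P<len>\d+)\s+id=(?P<id>\d+)"
)
# Continuation line for ICMP packets; the id is what hide NAT rewrites.
ICMP_RE = re.compile(
    r"^ICMP:\s+type=(?P<type>\d+)\s+code=(?P<code>\d+).*?\bid=(?P<id>\d+)\s+seq=(?P<seq>\d+)"
)

# Constructed sample: a subset of the lines from the captures on this page.
SAMPLE = """\
monitor: monitoring (control-C to stop)
eth2c0:i0 (tcpt inbound)[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=512 seq=39937
eth2c0:i7 (fw VM inbound )[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=512 seq=39937
eth2c0:I13 (TCP streaming (in))[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=512 seq=39937
eth1c0:o5 (fw VM outbound)[60]: 10.10.1.117 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=512 seq=39937
eth1c0:O6 (wire VM outbound )[60]: 172.19.1.1 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=10013 seq=39937
eth1c0:O9 (vpn encrypt)[60]: 172.19.1.1 -> 172.18.2.1 (ICMP) len=60 id=47223
ICMP: type=8 code=0 echo request id=10013 seq=39937
eth1c0:O10 (tcpt outbound)[112]: 210.1.1.1-> 195.6.6.6(50) len=112 id=50449
eth1c0:O14 (Chain End)[112]: 210.1.1.1-> 195.6.6.6(50) len=112 id=50449
"""


@dataclass
class Hop:
    iface: str
    point: str          # one of i, I, o, O
    pos: int
    module: str
    src: str
    dst: str
    proto: Optional[str]  # "ICMP", "50" (ESP), ... or None when absent
    ip_id: int
    cap_len: int
    icmp_id: Optional[int] = None

    @property
    def label(self) -> str:
        return f"{self.iface}:{self.point}{self.pos} ({self.module})"

    @property
    def stage(self) -> str:
        return POINTS[self.point]


@dataclass
class Change:
    hop: str       # label of the hop at which the new value first appears
    field: str     # src / dst / proto / icmp_id
    before: object
    after: object
    kind: str      # "translation" (same protocol) or "encapsulation" (protocol changed)


def parse_monitor(text: str) -> List[Hop]:
    """Extract the hop lines; chain tables, 'monitor:' status and annotations are ignored."""
    hops: List[Hop] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HOP_RE.match(line)
        if m:
            hops.append(Hop(iface=m["iface"], point=m["point"], pos=int(m["pos"]),
                            module=m["module"].strip(), src=m["src"], dst=m["dst"],
                            proto=m["proto"], ip_id=int(m["id"]), cap_len=int(m["cap"])))
            continue
        m = ICMP_RE.match(line)
        if m and hops:
            hops[-1].icmp_id = int(m["id"])  # attach to the hop line just above
    return hops


TRACKED = ("src", "dst", "proto", "icmp_id")


def find_changes(hops: List[Hop]) -> List[Change]:
    """Compare consecutive hops and record every tracked field that changed."""
    changes: List[Change] = []
    for prev, cur in zip(hops, hops[1:]):
        kind = "encapsulation" if cur.proto != prev.proto else "translation"
        for name in TRACKED:
            before, after = getattr(prev, name), getattr(cur, name)
            if before is None or after is None or before == after:
                continue
            changes.append(Change(cur.label, name, before, after, kind))
    return changes


def report(text: str) -> List[str]:
    hops = parse_monitor(text)
    lines = [f"{len(hops)} hops parsed"]
    for c in find_changes(hops):
        lines.append(f"{c.kind:<13} at {c.hop}: {c.field} {c.before} -> {c.after}")
    return lines


if __name__ == "__main__":
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print("\n".join(report(source)))
```

Run it on a saved capture (fw monitor output redirected to a file, then the file path as the first argument) to locate the chain position where a NAT rule or the VPN module changes a packet; a translation reported at a pre-inbound (i) position, or none reported where a rule is expected, is the kind of discrepancy worth checking against the policy.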