Difference between revisions of "fw tab - Check Point man page"
(→Example) |
(→Example) |
||
Line 66: | Line 66: | ||
Removes the entry from the specified table. | Removes the entry from the specified table. | ||
− | == | + | == Comments == |
− | Comments == | + | |
If table has the 'expire' attribute, entries added using the -a flag will receive the default table | If table has the 'expire' attribute, entries added using the -a flag will receive the default table |
Revision as of 18:16, 28 February 2014
Contents |
fw tab
Description
The fw tab command enables you to view kernel table contents and change them (that is, only dynamic tables since the content of a static table is indeed static).
Usage
fw tab [-tArgument | Description |
---|---|
-t <table> | Specifies a table for the command. |
-s | Displays a short summary of the table (s) information. |
-y | Specifies to not prompt a user before executing any commands. |
-f | Displays a formatted version of the table content. Every table may
have its own specific format style. |
-o <filename> | Dumps CL formatted output to filename, which can later be read by fw log or any other entity that can read FW log formats. |
-c | Displays formatted table information in common format. |
-r | Resolves IP addresses in formatted output. |
-x, -a, -e | It is possible to add or remove an entry from an existing dynamic table by using the -a or the -x flags, respectively. These flags must be followed by the -e flag and an entry description (<entry>).
Caution - Improper use of the -a and -x flags may cause system instability. |
[hostname] | A list of one or more targets. When not used, the local machine is used as the default target. |
Example
# fw tab -t <table-name> -a -e "1,2;3,4,5" or
or
# fw tab -t <table-name> -a -e "<1,2;3,4,5>"
Adds an entry: <00000001,00000002,00000003,00000004,00000005,>to <table-name>
# fw tab -t <table-name> -a -e "1,2,"
or
# fw tab -t <table-name> -a -e "<1,2>"
Adds an entry with only a key field: <00000001,00000002>
If table <table-name> contains the following<0000000,00000001,00000002> entry:
<0000000,00000001,00000002>
# fw tab-t <table-name> -x-e"0,1"
or
# fw tab-t <table-name> -x-e"0,1;2"
Removes the entry from the specified table.
Comments
If table has the 'expire' attribute, entries added using the -a flag will receive the default table
timeout.
This feature only works on local machine kernel tables and does not work on a remote machine's tables like additional fw tab commands.
The -x flag can be used independently of the -e flag in which case the entire table content is deleted.
This feature should only be used for debug purposes. It is not advisable to arbitrarily change the content of any kernel table since doing so may have unexpected results including unexpected security and connectivity
impacts.