fw1-tool.pl and vsx / connection/state table

[gnujuba]

hi cpusers,

anybody out there tried to use fw1-tool.pl* to show the connection/state table on VSX in different VSs?

fw tab needs a extra option "-vs X" and as I am not "perl" enough to mod the script I thought I ask here :-/

thanks and best regards

gnujuba

(*) http://www.fw-1.de/aerasec/download/...ol/fw1-tool.pl

[melipla]

I believe you need to change this:

Quote:

# Add fw[6] command
$command .= " tab -u -t " . $table;

to this:

Quote:

# Add fw[6] command
$command .= " tab -u -t -vs X" . $table;

Its too bad this script isn't set up for R65 or I'd try it. However I can't say how the new option will change the parsing of the data...

[gnujuba]

thats what I did i.e. for vs 5:

$command .= " -vs 5 tab -u";
and
$command .= " -vs 5 tab -u -t " . $table;

(I dont know which one is the right one)


to make it work with VSX on Crossbeam I used the local/fallback option and modified FWDIR and CPDIR:

my %FW1_setup = (
'fallback' => {
'FWDIR' => "/opt/CPfw1-V30",
'CPDIR' => "/opt/CPshrd-V30"
},

looks good:

fw1-tool.pl (P) & (C) 2003-2006 by Dr. Peter Bieringer <info@aerasec.de>
Version: 3.4

Connection table is taken from firewall version 5.x

---- FW-1 CONNECTION ENTRIES ---: 17:52:28
CON: Source SPort Dest DPort Proto Timeout
CON: 10.182.166.119 20226 172.21.120.150 snmptrap udp 4/40
CON: 10.182.174.122 53043 172.21.207.54 ldaps tcp 3119/3600
CON: 10.182.164.113 59014 172.21.207.54 ldaps tcp 3169/3600
CON: 10.182.175.96 33995 172.21.128.15 domain udp 2/40
CON: 10.182.174.107 62110 172.21.120.141 5156 tcp 3465/3600
CON: 172.21.84.21 3621 10.182.174.105 1535 tcp 3/20
CON: 10.183.164.114 42102 10.182.174.108 1523 tcp 3011/3600
CON: 172.21.120.148 42949 10.182.174.10 1560 tcp 3277/3600
CON: 172.21.84.21 2450 10.182.174.105 1535 tcp 11962/14400
....

so it works, but an additional switch like "-VS-NUMBER" would be very nice :-)

regards

gnujuba