
Search firewall rule for an ip

Let's say I have 100 rules and I would like to know which rule has a specific IP inside. How can I do that using the GUI?

If it is not there then we should ask for a feature request, as this is important, especially when you want to delete an IP and it says it is already used.



  • Hi,

    open the log viewer and add a filter; that will show all the rules that the IP address uses.
    Ian

  • Will that show the IP if it is already connected to the network and has a connection, or not?

    I mean, I think your answer can only work if the IP already had logs (connecting or connected to the firewall before).

    But what if the IP did not yet connect to the firewall, will your answer still work?

  • As I said, the suggested answer will work ONLY when the IP already has connection logs. But if it is a new IP that never connected to the firewall, it will not show.

    I need to find the IP when it never connected to the firewall before.

    NOTE: please don't suggest using the Policy Test. I don't want it that way.

  • Hi,

    If an IP address has never connected to the firewall there will not be any record of it in the firewall logs.

    Ian

  • Yes, that's what I know. Now how can I achieve what I am looking for?

    I am pretty sure we will end up asking for a new feature.

  • Hi,

    there is no way to achieve this via the web interface, and neither is there a comfortable way via CLI (you could check iptables -L on the Linux shell, but it would be a lot of work and it doesn't tell which rule ID results in the entry).

    As I think about this, maybe the config DB could help:

    First, search the host definitions for your wanted IP or net:

    psql -U nobody -d corporate -c "select * from tblhost where netid like '192.168.0.%'" (I 'prefix' the query with my lab-internal subnet because the host definition list is very long, full of country net definitions)

     

     

    Search for the host ID of the host and of the host's net;

    in my case 356 (net_lan_192.168.0.0) and 357 (srv_nas.lna.loc).

    Then check the firewallsource table for the given host IDs:

    psql -U nobody -d corporate -c "select * from tblfwsource where hostid = '357' or hostid = '356'"

    Now you'll see the only rule which matches is rule 8.

    BUT please be aware that rules like Source: "Zone LAN / Net ANY" won't be shown in this table.

    In addition you'll need to check the web interface for rules which contain your source zone and "Any Network".

     

    Hope this helps.

    If you open a feature request, please post it here; I'll vote for it.

    Yours, Lukas
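Lukas's two-step config-DB lookup, scripted as an added example (not code from the thread or from the vendor): the tblhost/tblfwsource table names and the hostid/netid columns come from the post above; the ruleid column name, the explicit column order, and the injectable query function are assumptions. As the post warns, rules whose source is a zone plus "Any Network" reference no host ID and still have to be checked in the web interface.

```python
import csv
import re
import subprocess
from typing import Callable, Iterable

Rows = list[list[str]]
QueryFn = Callable[[str], Rows]

# Real psql flags: -A unaligned output, -t tuples only, -F, comma as field separator.
PSQL = ["psql", "-U", "nobody", "-d", "corporate", "-A", "-t", "-F,", "-c"]

def run_psql(sql: str) -> Rows:
    """Run one query against the config DB; each row comes back as a list of strings."""
    out = subprocess.run(PSQL + [sql], check=True, capture_output=True, text=True).stdout
    return [row for row in csv.reader(out.splitlines()) if row]

def find_hosts(prefix: str, query: QueryFn = run_psql) -> dict[str, str]:
    """Step 1: host definitions whose netid starts with an IP or dotted subnet prefix.
    Returns {hostid: netid}; the hostid/netid column names are taken from the thread."""
    # psql -c cannot bind parameters, so refuse anything but digits and dots in the pattern.
    if not re.fullmatch(r"[0-9.]+", prefix):
        raise ValueError("prefix must be an IPv4 address or dotted prefix")
    sql = f"select hostid, netid from tblhost where netid like '{prefix}%'"
    return {hostid: netid for hostid, netid in query(sql)}

def find_rules(host_ids: Iterable[str], query: QueryFn = run_psql) -> dict[str, list[str]]:
    """Step 2: firewall rules whose source references one of the host IDs.
    Returns {ruleid: [hostid, ...]}; the ruleid column name is an assumption."""
    ids = ",".join(f"'{int(h)}'" for h in host_ids)  # int() rejects non-numeric IDs
    if not ids:
        return {}
    sql = f"select ruleid, hostid from tblfwsource where hostid in ({ids})"
    rules: dict[str, list[str]] = {}
    for ruleid, hostid in query(sql):
        rules.setdefault(ruleid, []).append(hostid)
    return rules

def rules_for(prefix: str, query: QueryFn = run_psql) -> dict[str, list[str]]:
    """Chain both steps. Rules with source 'Zone X / Any Network' reference no
    host ID and therefore never appear here; check those in the web interface."""
    return find_rules(find_hosts(prefix, query).keys(), query)

if __name__ == "__main__":
    import sys
    for ruleid, hosts in sorted(rules_for(sys.argv[1]).items()):
        print(f"rule {ruleid}: host ids {', '.join(hosts)}")
```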