Hey,
Does anyone know if there's a way to view the FW rule base via the CLI?
Thanks
Hi Sophos User2702,
You can filter out conntrack with source/destination IP address. You'll find 'fwid' field in the output.
# conntrack -E | grep -i "IP_Address"
eg: conntrack -E | grep -i "192.168.1.1"
[UPDATE] proto=tcp proto-no=6 timeout=60 state=SYN_RECV orig-src=192.168.1.1 orig-dst=xx.xx.xx.xx orig-sport=55428 orig-dport=443 reply-src=192.168.88.243 reply-dst=192.168.1.1 reply-sport=3128 reply-dport=55428 mark=0x8001 id=2113646912 masterid=0 devin=Port1 devout= nseid=0 ips=0 sslvpnid=0 webfltid=1 appfltid=8 icapid=0 policytype=1 fwid=3 natid=0 fw_action=1 bwid=0 appid=0 appcatid=0 hbappid=0 hbappcatid=0 dpioffload=0 sigoffload=0 inzone=1 outzone=2 devinindex=5 devoutindex=0 hb_src=0 hb_dst=0 flags0=0x8002000220840a flags1=0x42000200048 flagvalues=1,3,10,15,21,25,41,55,67,70,85,101,106 catid=0 user=0 luserid=0 usergp=0 hotspotuserid=0 hotspotid=0 dst_mac=fa:16:3e:f3:94:10 src_mac=fa:16:3e:f3:63:6b startstamp=1628764837 microflow[0]=INVALID microflow[1]=INVALID hostrev[0]=0 hostrev[1]=0 ipspid=0 diffserv=0 loindex=6 tlsruleid=0 ips_nfqueue=0 sess_verdict=0 gwoff=0 cluster_node=0 current_state[0]=6158 current_state[1]=6158 vlan_id=0 inmark=0x0 brinindex=0 sessionid=3358 sessionidrev=8007 session_update_rev=0 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir0=0 pbrid_dir1=0 conn_fp_id=NOT_OFFLOADED
Click here to know more information on 'CLI troubleshooting tools'.
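The conntrack event line in the reply above is hard to read by eye, so here is an added example (not part of the original thread and not Sophos code) that parses its key=value fields and reports which `fwid` each flow matched, with a per-rule tally. The function names `fwid_flows`, `fwid_counts` and `sample_events` are hypothetical, the sample lines are constructed and shortened, and it assumes `awk` is available wherever the output is processed.

```shell
#!/bin/sh
# Constructed, shortened sample of `conntrack -E` key=value event lines.
sample_events() {
cat <<'EOF'
[NEW] proto=tcp proto-no=6 orig-src=192.168.1.1 orig-dst=203.0.113.10 orig-sport=55428 orig-dport=443 policytype=1 fwid=3 natid=0 fw_action=1
[UPDATE] proto=tcp proto-no=6 state=SYN_RECV orig-src=192.168.1.1 orig-dst=203.0.113.10 orig-sport=55428 orig-dport=443 policytype=1 fwid=3 natid=0 fw_action=1
[NEW] proto=udp proto-no=17 orig-src=192.168.1.1 orig-dst=198.51.100.7 orig-sport=40000 orig-dport=53 policytype=1 fwid=5 natid=2 fw_action=1
[DESTROY] proto=icmp orig-src=192.168.1.1 orig-dst=198.51.100.7
EOF
}

# Read conntrack event lines on stdin and print one line per event:
#   fwid=<id> natid=<id> fw_action=<n> <src> -> <dst>:<dport>/<proto>
# Lines that carry no fwid field are skipped.
fwid_flows() {
    awk '
    {
        split("", kv)                       # clear the map for each line
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue           # event tag such as [UPDATE]
            kv[substr($i, 1, eq - 1)] = substr($i, eq + 1)
        }
        if (!("fwid" in kv)) next
        printf "fwid=%s natid=%s fw_action=%s %s -> %s:%s/%s\n",
            kv["fwid"], kv["natid"], kv["fw_action"],
            kv["orig-src"], kv["orig-dst"], kv["orig-dport"], kv["proto"]
    }'
}

# Count how many events were attributed to each firewall rule id.
fwid_counts() {
    fwid_flows | awk '{ n[$1]++ } END { for (k in n) print k, n[k] }' | sort
}

# Demo on the constructed sample; on a device the input would instead be
#   conntrack -E | grep -i "IP_Address" | fwid_flows
sample_events | fwid_flows
sample_events | fwid_counts
```
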