Source IP = 10.10.10.10
Destination IP = 10.10.10.11
[Expert@cpmodule]# fw monitor -e 'accept src=10.10.10.10 or dst=10.10.10.11;'
monitor: getting filter (from command line)
monitor: compiling
monitorfilter:
Compiled OK.
monitor: loading
monitor: monitoring (control-C to stop)
^C
monitor: caught sig 2
monitor: unloading
[Expert@cpmodule]# cat $FWDIR/tmp/monitorfilter.pf
#define src ip_src
#define dst ip_dst
#define sport th_sport
#define dport th_dport
#include "tcpip.def"
accept src=10.10.10.10 or dst=10.10.10.11;
monitor: getting filter (from command line)
monitor: compiling
monitorfilter:
Compiled OK.
monitor: loading
monitor: monitoring (control-C to stop)
^C
monitor: caught sig 2
monitor: unloading
[Expert@cpmodule]# cat $FWDIR/tmp/monitorfilter.pf
#define src ip_src
#define dst ip_dst
#define sport th_sport
#define dport th_dport
#include "tcpip.def"
accept src=10.10.10.10 or dst=10.10.10.11;
Reference:
How to use fw monitor (page 36)
http://www.checkpoint.com/techsupport/downloads/html/ethereal/fw_monitor_rev1_01.pdf
FW MONITOR
http://www.cpug.org/check_point_resources/FW MONITOR_expert.doc
No comments:
Post a Comment