Name

af-db.sh — Adaptive Firewall database management tool

Synopsis

af-db.sh [-h] [-f db-file] [-v] [table|db] command [parameters]

Description

The af-db.sh utility provides a user interface to the blacklist databases of the Adaptive Firewall module (see the adaptive-firewall(7) manual page).

For the list of tables, see the adaptive-firewall(5) manual page, or run the script with the -h option.

Options

The script options are as follows:

-f

Use the given filename. By default, the standard filename for the selected table is used.

-h

Print usage and exit.

-v

Be more verbose; also print all SQL commands being executed.

Commands

feed [address...]

Exports data from the IDS databases and makes a new IPS database.

  • Addresses given as parameters are temporarily whitelisted, i.e. they will not be included in the IPS database.

db remove [-y]

Removes an Adaptive Firewall database.

  • If the -y option is used, the script does not ask for confirmation of the removal.

db list

Prints the list of tables in the given database file.

db find { IP-address | regular-expression }

Finds all occurrences of an IP address or an IP address pattern in all tables of the given database.

table show [-uR] [-tc] [-r] [-n num] [-fF flag]

Displays the content of a database table. By default, the output is sorted by IP address.

The output format for all tables begins with four columns (ADDRESS, FLAGS, COUNT, LAST). For the SSHD table, there is another column at the end of the line showing the difference (in seconds) between the LAST occurrence and the occurrence number num given by the -n option.

  • If the -c option is used, the items are sorted by number of occurrences.

  • If the -f option is used, only the items having the given flag set are printed.

  • If the -F option is used, only the items having the given flag unset are printed.

  • If the -r option is used, the items are sorted in reverse (descending) order.

  • If the -R option is used, the items are printed in raw format (no formatting).

  • If the -t option is used, the items are sorted by time of last occurrence.

  • If the -u option is used, the times are shown in UTC instead of local time.

table add [flag] IP-address { +time-offset | -time-offset | 0 }...

Warning

SSHD table version...

Adds the given client to the table, with any number of recent occurrences set to the current time plus/minus the given offset(s) and the flag set accordingly.

table add [flag] { +time-offset | -time-offset | 0 } IP-address...

Warning

Non-SSHD table version...

Adds the given clients to the table, with the last time set to the current time plus/minus the given offset and the flag set accordingly.

table del IP-address...

Deletes the given clients from the database.

table find { IP-address | regular-expression }

Finds all occurrences of an IP address or an IP address pattern in the given DB table.

table flush

Removes the whole content of the given DB table.

See Also

Kernun: adaptive-firewall(7)

Authors

This man page is a part of Kernun Firewall.
Copyright © 2000–2023 Trusted Network Solutions, a. s.
All rights reserved.