summaryrefslogtreecommitdiffstats
path: root/test.sh
diff options
context:
space:
mode:
Diffstat (limited to 'test.sh')
-rw-r--r--test.sh67
1 files changed, 67 insertions, 0 deletions
diff --git a/test.sh b/test.sh
new file mode 100644
index 0000000..dd67a83
--- /dev/null
+++ b/test.sh
@@ -0,0 +1,67 @@
+CONNTRACK=conntrack
+
+SRC=1.1.1.1
+DST=2.2.2.2
+SPORT=1980
+DPORT=2005
+
+case $1 in
+ dump)
+ # Setting dump mask
+ echo "dump mask set to TUPLE"
+ $CONNTRACK -A -m TUPLE
+ $CONNTRACK -L
+ echo "Press any key to continue..."
+ read
+ echo "dump mask set to TUPLE,COUNTERS"
+ $CONNTRACK -A -m TUPLE,COUNTERS
+ $CONNTRACK -L
+ echo "Press any key to continue..."
+ read
+ echo "dump mask set to ALL"
+ $CONNTRACK -A -m ALL
+ $CONNTRACK -L
+ echo "Press any key to continue..."
+ read
+ ;;
+ new)
+ echo "creating a new conntrack"
+ $CONNTRACK -I --orig-src $SRC --orig-dst $DST \
+ --reply-src $DST --reply-dst $SRC -p tcp \
+ --orig-port-src $SPORT --orig-port-dst $DPORT \
+ --reply-port-src $DPORT --reply-port-dst $SPORT \
+ --state LISTEN -u SEEN_REPLY -t 50
+ ;;
+
+ change)
+ echo "change a conntrack"
+ $CONNTRACK -I --orig-src $SRC --orig-dst $DST \
+ --reply-src $DST --reply-dst $SRC -p tcp \
+ --orig-port-src $SPORT --orig-port-dst $DPORT \
+ --reply-port-src $DPORT --reply-port-dst $SPORT \
+ --state TIME_WAIT -u ASSURED -t 500
+ ;;
+ delete)
+ # 66.111.58.52 dst=85.136.125.64 sport=22 dport=60239
+ $CONNTRACK -D conntrack --orig-src 66.111.58.1 \
+ --orig-dst 85.136.125.64 -p tcp --orig-port-src 22 \
+ --orig-port-dst 60239
+ ;;
+ output)
+ proc=$(cat /proc/net/ip_conntrack | wc -l)
+ netl=$($CONNTRACK -L | wc -l)
+ count=$(cat /proc/sys/net/ipv4/netfilter/ip_conntrack_count)
+ if [ $proc -ne $netl ]; then
+ echo "proc is $proc and netl is $netl and count is $count"
+ else
+ if [ $proc -ne $count ]; then
+ echo "proc is $proc and netl is $netl and count is $count"
+ else
+ echo "now $proc"
+ fi
+ fi
+ ;;
+ *)
+ echo "Usage: $0 [dump|new|change|delete|output]"
+ ;;
+esac