Show ufw actions since boot,
with ip address information from RIPE database. Firewall actions are sourced from journalctl.
▶ ufw-stats --help
Usage: ufw-stats [OPTION]...
Show ufw actions since boot, with ip address information from RIPE database.
Options:
-j, --json produce JSON optput instead of plain text
-o, --output=FILE direct output to the FILE
-f, --follow tail the log (continuously print new entries)
-n, --num-actions=N show N most recent firewall actions
-h, --help show this message and exit
Installation: Just copy the ufw-stats file to a directory included in the $PATH environment variable.
In the default text mode the program produces one record per each firewall action, for example:
TS: 2021-02-02 11:01:53.494073+0000
ACTION: BLOCK
PROTO: UDP
SRC:
SCOPE: global
IF: n/a
IP: 213.230.86.36
PORT: 29960
HOST: 36.64.uzpak.uz
NET: 213.230.86.0/24
NAME: UZTELECOM-DYNAMIC-CUSTOMERS-CGN
DESCR: n/a
COUNTRY: UZ
DEST:
SCOPE: private
IF: wlp2s0
IP: 192.168.0.6
PORT: 53233
HOST: m-desktop
NET: 192.168.0.0/24
NAME: n/a
DESCR: n/a
COUNTRY: n/a
In JSON mode the output is a JSON array of records each equivalent to the above, for example (pretty-printed for readability):
{
"SRC": {
"IP": "213.230.86.36",
"SCOPE": [
"global"
],
"HOST": "36.64.uzpak.uz",
"NAME": "UZTELECOM-DYNAMIC-CUSTOMERS-CGN",
"NET": "213.230.86.0/24",
"COUNTRY": "UZ",
"PORT": 29960
},
"DST": {
"IP": "192.168.0.6",
"SCOPE": [
"private"
],
"HOST": "m-desktop",
"NET": "192.168.0.0/24",
"IF": "wlp2s0",
"PORT": 53233
},
"PROTO": "UDP",
"TS": "2021-02-02T11:01:53.494073+0000",
"ACTION": "BLOCK"
}Tested on Linux Mint 20.1 with ufw v0.36 and Python 3.8.5.