From owner-freebsd-bugs  Thu Feb 20 18:30:10 2003
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C850E37B401
	for <freebsd-bugs@hub.freebsd.org>; Thu, 20 Feb 2003 18:30:08 -0800 (PST)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 733D643FA3
	for <freebsd-bugs@hub.freebsd.org>; Thu, 20 Feb 2003 18:30:08 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id h1L2U8NS009416
	for <freebsd-bugs@freefall.freebsd.org>; Thu, 20 Feb 2003 18:30:08 -0800 (PST)
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.12.6/8.12.6/Submit) id h1L2U8WN009415;
	Thu, 20 Feb 2003 18:30:08 -0800 (PST)
Date: Thu, 20 Feb 2003 18:30:08 -0800 (PST)
Message-Id: <200302210230.h1L2U8WN009415@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: Giorgos Keramidas <keramida@freebsd.org>
Subject: Re: misc/48444: change to count connection attempts instead of listing them
Reply-To: Giorgos Keramidas <keramida@freebsd.org>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org

The following reply was made to PR misc/48444; it has been noted by GNATS.

From: Giorgos Keramidas <keramida@freebsd.org>
To: Alan Batie <alan@agora.rdrop.com>
Cc: bug-followup@freebsd.org
Subject: Re: misc/48444: change to count connection attempts instead of listing them
Date: Fri, 21 Feb 2003 04:26:24 +0200

 I do agree that listing all of ipfw's output can be overwhelming at
 times.  Since the perl script of the PR only works for IPFW, here's an
 addition that will probably look interesting to ipfilter users.  I'm
 using the following locally to check for ports that ipfilter has
 blocked and logged:
 
 : #!/bin/sh
 : # $RCS: scripts/listports.sh,v 1.1 2003/01/22 01:14:06 giorgos Exp $
 : # List all the ports that ipfilter has blocked and logged,
 : # ordered by number of hits.
 :
 : echo "    RANK    HITS    PORT"
 : grep "`date '+%b %e'`" /var/log/messages |\
 : egrep -e '(ppp|tun)[0-9]+ .* b ' |\
 : sed -e 's/^.*,.*,//' -e 's/ .*$//' |\
 : sort | uniq -c | sort -r -k 1 | \
 : awk '{ printf "%10d %10d %10d\n", NR, $1, $2 }'
 
 The output is similar to (trimmed to keep this a bit short):
 
 : # sh listports.sh | head -6
 :       RANK       HITS       PORT
 :          1         32        137
 :          2         15         80
 :          3         11       1214
 :          4         11       1080
 :          5          8         81
 
 Does this look like an interesting addition to periodic/security too?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message