From 3ddcb48412ce9be9cbb4d0213d894a517b23ef27 Mon Sep 17 00:00:00 2001
From: Robert Gerus
Date: Sun, 25 Aug 2013 23:30:41 +0200
Subject: [PATCH] Add a utility for easier handling of pf logging facilities.
---
utils/fwlog | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 68 insertions(+)
create mode 100755 utils/fwlog
diff --git a/utils/fwlog b/utils/fwlog
new file mode 100755
index 0000000..77fd127
--- /dev/null
+++ b/utils/fwlog
@@ -0,0 +1,68 @@
+#!/usr/local/bin/bash
+
+set -o errexit
+set -o pipefail
+set -o nounset
+
+PFCTL="/sbin/pfctl"
+
+add() {
+ ${PFCTL} -t loghosts -Tadd ${1}
+}
+
+del() {
+ ${PFCTL} -t loghosts -Tdel ${1}
+}
+
+show() {
+ ${PFCTL} -t loghosts -Tshow
+}
+
+log() {
+ tcpdump -n -e -ttt -i pflog0
+}
+
+usage() {
+ echo "${0} []"
+ cat << EOF
+ where is one of:
+ add - add an address to loghosts table
+ del - remove an address from loghosts table
+ show|list - list contents of loghosts table
+ log|trace|follow - realtime display of logged connections
+ where is applicable for following actions:
+ add - ip address or FQDN
+ del - ip address or FQDN
+EOF
+}
+
+# poor getopts replacement. i'm too lazy to learn getopts
+while [[ $# -gt 0 ]]; do
+ case ${1} in
+ add)
+ add ${2}
+ shift 2
+ ;;
+ del)
+ del ${2}
+ shift 2
+ ;;
+ show|list)
+ show
+ shift 2
+ ;;
+ log|trace|follow)
+ log
+ shift
+ ;;
+ -h|--help)
+ usage
+ exit 0
+ ;;
+ *)
+ echo "unknown argument"
+ exit 1
+ ;;
+ esac
+done
+
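Review bot: In the `show|list)` arm the `shift 2` consumes an argument this action does not take: with `fwlog show` alone, bash's `shift 2` fails because only one positional parameter is left, so under `set -o errexit` the script exits non-zero after printing the table, and when more words follow it silently swallows the next action. It should be a plain `shift`, as in the `log|trace|follow)` arm. Separately, `${1}` in `add()`/`del()` and `${2}` at their call sites are unquoted, so the address undergoes word splitting and globbing before it reaches pfctl in a script that is presumably run as root; `${PFCTL} -t loghosts -Tadd "${1}"` and `add "${2}"` (same for `del`) keep it a single argument. `add` or `del` given without an address currently aborts on `nounset` with an unbound-variable error instead of the usage text, so a guard such as `[[ $# -ge 2 ]] || { usage; exit 1; }` in those two arms would make the failure explicit.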