@gqqnbig
Created February 11, 2024 13:47
Add block count to ufw status report
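#!/usr/bin/awk -f
# Appends the number of logged blocks to each "DENY <a.b.c>.0/24 (log)" row
# of `ufw status` output. Needs read access to /var/log/ufw.*.
BEGIN { ORS = "" }    # newlines are emitted explicitly below
{
    print $0
    if ($2 == "DENY" && $3 ~ /\.0\/24$/ && $4 == "(log)") {
        # "45.128.12.0/24" -> "45.128.12." (awk strings are 1-indexed). The
        # trailing dot is kept so this rule does not also match 45.128.125.x.
        subnet = substr($3, 1, length($3) - 4)
        print "\t\t"
        #print subnet
        # Anchor on the SRC= field of the UFW log line so that 145.128.12.x or a
        # DST= address is not counted; -h drops the file name prefix.
        print "grep -hF -- 'SRC=" subnet "' /var/log/ufw.* | wc -l\n" | "/bin/bash"
        # If we don't close bash, the output of bash will not flush to the stdout,
        # so the order will be wrong.
        close("/bin/bash")
        # Unfortunately, `wc` outputs newline character.
    }
    else {
        print "\n"
    }
}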
gqqnbig commented Feb 11, 2024

This AWK program counts the number of times an IP is blocked (and logged) by UFW.

It assumes the src format ends with ".0/24".

It's tested on Ubuntu 20.

Usage

$ sudo ufw status | sudo awk -f addBlockCount
Status: active

To                         Action      From
--                         ------      ----
Anywhere                   DENY        45.128.125.0/24            (log)         4
Anywhere                   DENY        178.233.20.0/24            (log)         5
Anywhere                   DENY        198.12.72.0/24             (log)         6
Anywhere                   DENY        109.201.130.0/24           (log)         3
Anywhere                   DENY        176.123.2.0/24             (log)         5
Anywhere                   DENY        46.166.179.0/24            (log)         3
Anywhere                   DENY        85.239.34.0/24             (log)         6
Anywhere                   DENY        193.168.141.0/24           (log)         9
Anywhere                   DENY        23.154.177.0/24            (log)         11
Anywhere                   DENY        107.189.1.0/24             (log)         4
Anywhere                   DENY        45.95.169.0/24             (log)         4
Anywhere                   DENY        185.100.87.0/24            (log)         89
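
A single-pass variant, added here as an example and not the gist author's code: it reads the log files once, counts `[UFW BLOCK]` lines per source /24 from the `SRC=` field, then annotates the status rows, so 45.128.12.0/24 is never credited with hits from 45.128.125.x and no shell is spawned per rule. The names `annotate_ufw_status` and `demo`, the sample log lines, and the assumption that logged DENY rules write the `[UFW BLOCK]` prefix belong to this example.

```shell
#!/bin/sh
# Added example, not the gist's code.
# usage: sudo ufw status | annotate_ufw_status /var/log/ufw.log [more logs...]
annotate_ufw_status() {
    awk '
    mode != "status" {                        # still reading a log file
        if ($0 !~ /\[UFW BLOCK\]/) next       # assumed prefix for logged DENY rules
        for (i = 1; i <= NF; i++)
            if ($i ~ /^SRC=[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                split(substr($i, 5), o, ".")  # strip "SRC=", split into octets
                hits[o[1] "." o[2] "." o[3] ".0/24"]++
                break
            }
        next
    }
    # mode == "status": the ufw status report arriving on stdin
    $2 == "DENY" && $3 ~ /\.0\/24$/ && $4 == "(log)" {
        printf "%s\t\t%d\n", $0, hits[$3]     # exact /24 lookup, 0 if never seen
        next
    }
    { print }                                 # pass every other line through
    ' "$@" mode=status -
}

# Constructed sample data: four log lines and two rules whose prefixes overlap.
demo() {
    log=$(mktemp) || return 1
    cat > "$log" <<'EOF'
Feb 11 13:00:01 host kernel: [UFW BLOCK] IN=eth0 OUT= SRC=45.128.12.7 DST=192.0.2.10 PROTO=TCP DPT=22
Feb 11 13:00:02 host kernel: [UFW BLOCK] IN=eth0 OUT= SRC=45.128.125.9 DST=192.0.2.10 PROTO=TCP DPT=22
Feb 11 13:00:03 host kernel: [UFW BLOCK] IN=eth0 OUT= SRC=45.128.125.200 DST=192.0.2.10 PROTO=TCP DPT=23
Feb 11 13:00:04 host kernel: [UFW BLOCK] IN=eth0 OUT= SRC=145.128.125.3 DST=192.0.2.10 PROTO=TCP DPT=22
EOF
    annotate_ufw_status "$log" <<'EOF'
Anywhere                   DENY        45.128.12.0/24             (log)
Anywhere                   DENY        45.128.125.0/24            (log)
EOF
    rm -f "$log"
}
# Run `demo` to see the two annotated rows.
```

Rotated logs that logrotate has compressed (`.gz`) are not plain text, so decompress them before passing them in.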
