Sample program to parse firewall list output

ip.data

Shorewall 4.5.17.1 per-IP Accounting at fw1 - Sun Jun  9 18:38:05 EST
2013

Showing table: cowboys
IP: 192.168.200.1 SRC packets: 4196607 bytes: 292644635 DST packets: 7224498 bytes: 762829278
IP: 192.168.200.2 SRC packets: 77289 bytes: 4799573 DST packets: 324472 bytes: 481821874
IP: 192.168.200.3 SRC packets: 122875 bytes: 14531084 DST packets: 145748 bytes: 170332152
IP: 192.168.200.4 SRC packets: 142254 bytes: 18836983 DST packets: 106100 bytes: 26420351
IP: 192.168.200.5 SRC packets: 3424090 bytes: 181079976 DST packets: 6948051 bytes: 1798270528
IP: 192.168.200.6 SRC packets: 2758 bytes: 234311 DST packets: 12875 bytes: 18882957
IP: 192.168.200.9 SRC packets: 74277 bytes: 8864576 DST packets: 21888 bytes: 5834302
IP: 192.168.200.10 SRC packets: 583 bytes: 44836 DST packets: 623 bytes: 177505
IP: 192.168.200.253 SRC packets: 157 bytes: 11899 DST packets: 156 bytes: 12834

Showing table: indians
IP: 10.0.0.2 SRC packets: 1108147 bytes: 105913984 DST packets: 2698261 bytes: 3740346675
IP: 10.0.0.3 SRC packets: 362460 bytes: 145188605 DST packets: 300909 bytes: 136230642

ip.rb

#!/usr/bin/ruby

$w = true

require 'ipaddr'

data = Hash.new {|h,k| h[k] = []}
current = nil

ARGF.each_line do |line|
  case line
  when /Showing table:\s*(\w+)/
    current = data[$1]
  when /^IP/
    h = {}
    
    line.scan /(\w+):\s*([\d.]+)/ do |match|
      key = $1.to_sym
      val = $2

      h[key] = case val
        when /\A\d+\z/
        Integer(val)
      when /\A\d{1,3}(?:\.\d{1,3}){3}\z/
        IPAddr.new val
      else
        val
      end
    end
    
    current << h
  end
end

require 'pp'
pp data