From b50c37b3efa4cd8a3b5ff8907f68ca49641c13f9 Mon Sep 17 00:00:00 2001
From: Oliver Ladner <waste@lugh.ch>
Date: Thu, 12 Jan 2017 21:45:05 +0100
Subject: [PATCH] beef up iptables-show-recent, limit output

---
 iptables-show-recent.sh | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/iptables-show-recent.sh b/iptables-show-recent.sh
index 2c5edec..b276b30 100755
--- a/iptables-show-recent.sh
+++ b/iptables-show-recent.sh
@@ -7,9 +7,13 @@
 # - iptables with rules for the "recent" module 
 # - Shell cmds: geoiplookup
 
+top=30
+
+echo "Top $top recent IP addresses:"
+echo -e "Count\tIP\t\tCountry"
 for ip in $(cat /proc/net/xt_recent/DEFAULT | awk {'print $1'} | sed 's/src=//'); do
 	IP=$(geoiplookup $ip | sed 's/GeoIP Country Edition:.*, //')
 	if [[ "$IP" =~ "IP Address not found" ]]; then IP="n/a"; fi
 	COUNT=$(cat /proc/net/xt_recent/DEFAULT | grep "$ip" | awk {'print $7'})
-	echo -e "$COUNT\t$ip\t($IP)"
-done | sort -rn
+	echo -e "$COUNT\t$ip\t$IP"
+done | sort -rn | head -$top