#!/bin/bash
# Author:  Oliver Ladner <oli@lugh.ch>
# License: LGPL
#
# Shows recent connections tracked by the iptables "recent" module.
# Requirements:
# - iptables with rules for the "recent" module 
# - Shell cmds: geoiplookup

top=30

echo "Top $top recent IP addresses:"
echo -e "Count\tIP\t\tCountry"
for ip in $(cat /proc/net/xt_recent/DEFAULT | awk {'print $1'} | sed 's/src=//'); do
	IP=$(geoiplookup $ip | sed 's/GeoIP Country Edition:.*, //')
	if [[ "$IP" =~ "IP Address not found" ]]; then IP="n/a"; fi
	COUNT=$(cat /proc/net/xt_recent/DEFAULT | grep "$ip" | awk {'print $7'})
	echo -e "$COUNT\t$ip\t$IP"
done | sort -rn | head -$top