seebz · October 16, 2016 15:44
diff --git a/gufw-notify.sh b/gufw-notify.sh
 #!/bin/bash

 #
 # Uncomplicated Firewall notifications
 #

 notify() {
 	notify-send --expire-time=5000 --app-name=gufw --icon=gufw "$@"
 }

 MSG=
 filter() {
 	while read MSG; do
 		if [[ $MSG =~ (UFW) ]]; then
 			set_msg_vars
 			if [[ $MSG =~ (UFW ALLOW) ]]; then
 				allow_msg
 			elif [[ $MSG =~ (UFW AUDIT) ]]; then
 				audit_msg
 			elif [[ $MSG =~ (UFW BLOCK) ]]; then
 				block_msg
 			fi
 		fi
 	done
 }

 MSG_IN=
 MSG_OUT=
 MSG_SRC=
 MSG_DST=
 MSG_ID=
 MSG_PROTO=
 MSG_SPT=
 MSG_DPT=
 set_msg_vars() {
 	MSG_IN=`msg_var IN`
 	MSG_OUT=`msg_var OUT`
 	MSG_SRC=`msg_var SRC`
 	MSG_DST=`msg_var DST`
 	MSG_ID=`msg_var ID`
 	MSG_PROTO=`msg_var PROTO`
 	MSG_SPT=`msg_var SPT`
 	MSG_DPT=`msg_var DPT`
 }

 # msg_var IN
 msg_var() {
 	echo "$MSG" | grep -o "$1=[^ ]*" | cut -d '=' -f 2
 }

 # msg_date +'%x %X'
 msg_date() {
 	d=$( echo "$MSG" | awk -F"`hostname`" '{print $1}' )
 	date --date="$d" "$@"
 }


 allow_msg() {
 	if [ ! -z $MSG_IN ]; then
 		category=x-gufw.allowed.incoming
 		title="Incoming connection allowed"
 		title="$title ($MSG_IN)"
 	elif [ ! -z $MSG_OUT ]; then
 		category=x-gufw.allowed.outgoing
 		title="Outgoing connection allowed"
 		title="$title ($MSG_OUT)"
 	else
 		category=x-gufw.allowed.unknown
 		title="Connection allowed"
 	fi

 	body="From: $MSG_SRC ($MSG_SPT)
 To: $MSG_DST ($MSG_DPT)"

 	notify --category=$category "$title" "$body"
 }

 audit_msg() {
 	# todo
 	:
 }

 block_msg() {
 	if [ ! -z $MSG_IN ]; then
 		category=x-gufw.blocked.incoming
 		title="Incoming connection blocked"
 		title="$title ($MSG_IN)"
 	elif [ ! -z $MSG_OUT ]; then
 		category=x-gufw.blocked.outgoing
 		title="Outgoing connection blocked"
 		title="$title ($MSG_OUT)"
 	else
 		category=x-gufw.blocked.unknown
 		title="Connection blocked"
 	fi

 	body="From: $MSG_SRC ($MSG_SPT)
 To: $MSG_DST ($MSG_DPT)"

 	notify --category=$category "$title" "$body"
 }


 tail --follow --lines=0 /var/log/syslog | filter
	#!/bin/bash

	#
	# Uncomplicated Firewall notifications
	#

	notify() {
	notify-send --expire-time=5000 --app-name=gufw --icon=gufw "$@"
	}

	MSG=
	filter() {
	while read MSG; do
	if [[ $MSG =~ (UFW) ]]; then
	set_msg_vars
	if [[ $MSG =~ (UFW ALLOW) ]]; then
	allow_msg
	elif [[ $MSG =~ (UFW AUDIT) ]]; then
	audit_msg
	elif [[ $MSG =~ (UFW BLOCK) ]]; then
	block_msg
	fi
	fi
	done
	}

	MSG_IN=
	MSG_OUT=
	MSG_SRC=
	MSG_DST=
	MSG_ID=
	MSG_PROTO=
	MSG_SPT=
	MSG_DPT=
	set_msg_vars() {
	MSG_IN=`msg_var IN`
	MSG_OUT=`msg_var OUT`
	MSG_SRC=`msg_var SRC`
	MSG_DST=`msg_var DST`
	MSG_ID=`msg_var ID`
	MSG_PROTO=`msg_var PROTO`
	MSG_SPT=`msg_var SPT`
	MSG_DPT=`msg_var DPT`
	}

	# msg_var IN
	msg_var() {
	echo "$MSG" \| grep -o "$1=[^ ]*" \| cut -d '=' -f 2
	}

	# msg_date +'%x %X'
	msg_date() {
	d=$( echo "$MSG" \| awk -F"`hostname`" '{print $1}' )
	date --date="$d" "$@"
	}


	allow_msg() {
	if [ ! -z $MSG_IN ]; then
	category=x-gufw.allowed.incoming
	title="Incoming connection allowed"
	title="$title ($MSG_IN)"
	elif [ ! -z $MSG_OUT ]; then
	category=x-gufw.allowed.outgoing
	title="Outgoing connection allowed"
	title="$title ($MSG_OUT)"
	else
	category=x-gufw.allowed.unknown
	title="Connection allowed"
	fi

	body="From: $MSG_SRC ($MSG_SPT)
	To: $MSG_DST ($MSG_DPT)"

	notify --category=$category "$title" "$body"
	}

	audit_msg() {
	# todo
	:
	}

	block_msg() {
	if [ ! -z $MSG_IN ]; then
	category=x-gufw.blocked.incoming
	title="Incoming connection blocked"
	title="$title ($MSG_IN)"
	elif [ ! -z $MSG_OUT ]; then
	category=x-gufw.blocked.outgoing
	title="Outgoing connection blocked"
	title="$title ($MSG_OUT)"
	else
	category=x-gufw.blocked.unknown
	title="Connection blocked"
	fi

	body="From: $MSG_SRC ($MSG_SPT)
	To: $MSG_DST ($MSG_DPT)"

	notify --category=$category "$title" "$body"
	}


	tail --follow --lines=0 /var/log/syslog \| filter