#!/usr/bin/perl
# © 2001 Ronald Florence <ron@18james.com>
# last modified ron@rosie.18james.com, 14 Jun 2002

my($inp,$outp) = (0,0);

if ($ARGV[0] eq "pass") {
  foreach (`/sbin/ipfstat -hio`) {
    $inp += $1 if (/^(\d+)\s+pass\s+in.+quick/);
    $outp += $1 if (/^(\d+)\s+pass\s+out.+quick/);
  }
}

elsif ($ARGV[0] eq "blocked") {
  foreach (`/sbin/ipfstat -hio`) {
    $outp += $1 if (/^(\d+)\s+block.+out.+quick/);
    $inp += $1 if (/^(\d+)\s+block.+in.+quick/);
  }
}

elsif ($ARGV[0] eq "nat") {
  foreach (`/sbin/ipnat -s`) {
    last if ($inp,$outp) = /^mapped\s+in\s+(\d+)\s+out\s+(\d+)/;
  }
}

elsif ($ARGV[0] eq "acct") {
  foreach (`/sbin/ipfstat -aio`) {
    $inp = $1 if (/^(\d+)\s+count in/);
    $outp = $1 if (/^(\d+)\s+count out/);
  }
}

elsif ($ARGV[0] eq "state") {
  foreach (`/sbin/ipfstat -s`) {
    last if ($outp) = /(\d+)\s+active/;
  }
  foreach (`/sbin/ipnat -s`) {
    last if ($inp) = /^inuse\s+(\d+)/;
  }
}

else { die "usage: ipf pass|blocked|nat|acct|state\n"; }

print "$inp\n",
      "$outp\n";
$_ = `/usr/bin/uptime`;
($uptime) = /up\s+(.*),.+user/;
$uptime =~ tr/()//d;
$uptime =~ s/(^1\s+day)s/\1/;
chop($firewall = `uname -nm`);
foreach (`/sbin/ipf -V`) {
  last if ($version) = /ipf:(.*)\s+\(/;
}
$version =~ s/: v/-/;
print "$uptime\n",
      "$firewall$version\n";

__END__

=head1 NAME

  ipf.pl -  reads stats and uptime from ip-filter for mrtg

=head1 SYNOPSIS

  Use some version of the following in mrtg.cfg:

  Target[ipf]: `./ipf.pl pass`
  Options[ipf]: growright, perhour
  MaxBytes[ipf]: 50000
  Title[ipf]: Firewall Connections
  PageTop[ipf]: <h3>Firewall Connections</h3>
  YLegend[ipf]: packets/hr
  ShortLegend[ipf]: pkts/h
  Legend1[ipf]: Incoming Connections
  Legend2[ipf]: Outgoing Connections

  Target[state]: `./ipf.pl state`
  Options[state]: growright, gauge, integer
  MaxBytes[state]: 2048
  Title[state]: State Table
  PageTop[state]: <h3>NAT &amp; IP state tables</h3>
  YLegend[state]: states
  ShortLegend[state]: states
  Legend1[state]: NAT states
  Legend2[state]: IP states
  LegendI[state]: nat:
  LegendO[state]: ip:

  Other available targets are `ipf.pl blocked`
                              `ipf.pl nat`
                              `ipf.pl acct`

=head1 DESCRIPTION

    A simple script to read various ip-filter statistics and massage the
    data into a format that can be displayed by mrtg.

=head1 LICENSE

    You may distribute this module under the same license as Perl itself.

=head1 AUTHOR

    Ronald Florence <ron@18james.com> 

=cut