Growl Firewall Alerts

Sfiera · Post by **Sfiera** » Sun Dec 18, 2005 7:05 am

I recently enabled the Firewall logger (Sharing Preference Pane) and watched the traffic in my console for a bit - then I realized I could probably route the contents of the log into Growl to see what's happening. The result is these two files:

ipfw-notify:

Code: Select all

#/bin/sh
while read; do
    echo $REPLY | sed s/^.\*ipfw:\ *// | growlnotify -n Firewall --image /System/Library/PreferencePanes/SharingPref.prefPane/Contents/Resources/Caution.tiff Firewall
done

ipfw-growl:

Code: Select all

#!/bin/sh
tail -n 0 -F /var/log/ipfw.log | ipfw-notify

Put these both somewhere in your PATH (/usr/local/bin, or ~/bin if you're configured for it). Running ipfw-growl will route messages from your firewall straight into Growl. Depending on the amount of network traffic you get, this may get old quickly. As it seems, most of the traffic my firewall blocks is intended for Windows-related exploits.

Sfiera · Post by **Sfiera** » Sun Dec 18, 2005 12:54 pm

Having slept on this, it now occurs to me that a DOS attack while using this would be rather nasty. Perhaps I'll try to find a more suitable adaptation for those scripts.