Wednesday, October 16, 2019

List total hits of iptable drops

I have been busy making and studying defense strategies to better implement and monitor my firewall system.

So once you have decided to insert DROP rules in your iptables, it is good practice to check how effective the extra "load" actually is for your overall setup, that is, whether the rules are doing useful work or whether you should leave it to fail2ban to control the hits.

I made a bash script to summarize the hits on iptables DROP rules, so that all the extra stdout does not hide the important information.

As usual, use at your own risk. Make a backup plan before proceeding.

#!/bin/bash
#
# check how many hits on iptables drop rule
# by braselectron.com  OCT 16, 2019
#
# iptables formatted output example needed (one DROP rule per line):
# '0 0 DROP all -- any any 47.203.94.77 anywhere'
#
# -x prints exact packet counters, so a value such as "1131" is never
# shortened to "1131K", which would break the numeric test below.
# The sed calls collapse runs of spaces and drop the leading space so
# that cut(1) sees clean, single-space separated fields.
readarray -t iptls <<< "$(sudo iptables -vnxL | grep DROP |\
 sed 's/  */ /g' | sed 's/^ //')"
#
# debug point
# echo "iptls length is ${#iptls[@]}"
#
echo -e "Hits\tTarget Denied"
for element in "${iptls[@]}"
do
  #
  # debug point
  # echo "> $element"
  #
  # field 1 is the packet counter of the rule
  verify=$(echo "$element" | cut -d " " -f 1)
  #
  # debug point
  # echo "verify = $verify"
  #
  # skip empty lines and rules that were never hit
  if [ -n "$verify" ] && [ "$verify" -ne 0 ]; then
     hits="$verify"
     # field 8 is the source address the rule matched
     target=$(echo "$element" | cut -d " " -f 8)
     echo -e "$hits\t$target"
  fi
done

If all goes well you will get an output similar to this:

Hits    Target Denied
1       198.108.66.0/23
4       92.118.161.0/24
3       92.118.160.0/24
1       74.82.47.0/24
1       185.173.35.0/24
1       71.6.128.0/17
2       122.228.0.0/16
4       95.154.101.209
1131    139.59.13.150

Your numbers will differ, of course, since this output reflects my active iptables rules.
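For comparison, here is an added example (not the script from this post) that does the same summary in a single awk pass and can be exercised offline on captured text: it reads `iptables -vnL` output from stdin, expands the K/M/G suffixes that iptables prints when -x is not given, keeps only DROP rules with a non-zero counter and sorts them by hits, largest first. It assumes the standard first eight columns of `iptables -vnL` (pkts, bytes, target, prot, opt, in, out, source); the sample output embedded below is constructed for the demonstration.

```shell
#!/bin/bash
# Added example: summarize hits on iptables DROP rules from `iptables -vnL`
# text on stdin, so the parsing can be tested on a captured sample.

# Prints "hits<TAB>source" for every DROP rule with hits > 0, sorted
# descending.  Counters shortened by iptables -v (e.g. "1131K") are
# expanded approximately (iptables uses 1000-based suffixes).
summarize_drops() {
  awk '
    function expand(v,   n, s) {
      n = v + 0                     # numeric prefix of the field
      s = substr(v, length(v), 1)   # optional K/M/G suffix
      if (s == "K") n *= 1000
      else if (s == "M") n *= 1000000
      else if (s == "G") n *= 1000000000
      return n
    }
    # column 3 is the target, column 1 the packet counter, column 8 the source
    $3 == "DROP" { h = expand($1); if (h > 0) printf "%d\t%s\n", h, $8 }
  ' | sort -k1,1 -n -r
}

# Constructed sample of `iptables -vnL` output (not captured from a real host).
SAMPLE_IPTABLES='Chain INPUT (policy ACCEPT 12345 packets, 6789K bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DROP       all  --  *      *       198.108.66.0/23      0.0.0.0/0
       4      240 DROP       all  --  *      *       92.118.161.0/24      0.0.0.0/0
   1131K      67M DROP       all  --  *      *       139.59.13.150        0.0.0.0/0
       2      120 DROP       tcp  --  *      *       122.228.0.0/16       0.0.0.0/0            tcp dpt:22
     500    30000 ACCEPT     all  --  *      *       10.0.0.0/8           0.0.0.0/0'

# Live use:  sudo iptables -vnL | summarize_drops
# Stand-alone demonstration on the constructed sample:
printf 'Hits\tTarget Denied\n'
printf '%s\n' "$SAMPLE_IPTABLES" | summarize_drops
```

Header lines and rules with other targets (ACCEPT in the sample) fall out naturally because their third column is not "DROP", and extra match columns such as "tcp dpt:22" do not shift the source field, so the same filter works on chains with mixed rule types.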

Shields up captain!
Cheers!
