The output of some commands is nearly impossible to read, especially a network flow scrolling by in real time. I've collected a few ways to colorize keywords in that output.
ConnTrack
The conntrack command can show you Netfilter's connection tracking table in real time. On a firewall with lots of traffic you will need to pinpoint what you are looking for; see the conntrack man page for the filtering options (-s in the example below filters by source IP).
To colorize the source and destination ports of the conntrack command:
# conntrack -s 196.88.88.51 -E | sed -E '/([ds]port=)([[:digit:]]+)/s//\1\x1b[33;1m\2\x1b[0m/g'
You can also use grep to colorize conntrack output. The alternation with $ matches every line, so nothing is filtered out, but only the keyword gets the color:
# conntrack -s 196.88.88.51 -E | grep --color -E '8\.8\.8\.8|$'
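The two conntrack tricks above combined into one sed program, as an added example that is not code from the original post: fixed colors for event tags, TCP states, ports and IPs, plus an optional keyword that is underlined the way the grep --color line highlights 8.8.8.8. The escape codes are built with printf instead of sed's \x1b, so it does not depend on GNU sed; the sample conntrack lines are constructed, not captured from a real host.

```shell
#!/bin/bash
# Added example, not from the original post: a single sed program (instead of
# a chain of sed processes) that colours conntrack -E events. Escape codes are
# built with printf, so this does not rely on GNU sed's \x1b extension.
E=$(printf '\033')
RED="${E}[31m" GRN="${E}[32m" YEL="${E}[33;1m" CYN="${E}[36;1m" UL="${E}[4m" OFF="${E}[0m"

# colorize_ct [keyword]: reads conntrack -E output on stdin. Event tags,
# TCP states, ports and IPs get fixed colours; an optional literal keyword
# (e.g. an IP you are hunting) is underlined, like the grep --color trick.
colorize_ct() {
    # escape ERE metacharacters and the s/// delimiter in the keyword
    kw=$(printf '%s' "${1:-}" | sed 's/[][\.*^$/+?(){}|]/\\&/g')
    sed -E \
        -e "s/\[(NEW|UPDATE)\]/${GRN}&${OFF}/" \
        -e "s/\[DESTROY\]/${RED}&${OFF}/" \
        -e "s/ (ESTABLISHED|SYN_SENT|SYN_RECV|FIN_WAIT|CLOSE_WAIT|TIME_WAIT|LAST_ACK|CLOSE) / ${GRN}\1${OFF} /" \
        -e "s/([ds]port=)([[:digit:]]+)/\1${YEL}\2${OFF}/g" \
        -e "s/([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}/${CYN}&${OFF}/g" \
        ${kw:+-e "s/${kw}/${UL}&${OFF}/g"}
}

# Constructed sample of conntrack -E output (not captured from a real host).
SAMPLE='    [NEW] tcp      6 120 SYN_SENT src=10.0.0.5 dst=8.8.8.8 sport=51234 dport=443 [UNREPLIED] src=8.8.8.8 dst=10.0.0.5 sport=443 dport=51234
 [UPDATE] tcp      6 432000 ESTABLISHED src=10.0.0.5 dst=8.8.8.8 sport=51234 dport=443 src=8.8.8.8 dst=10.0.0.5 sport=443 dport=51234 [ASSURED]
[DESTROY] udp      17 src=10.0.0.5 dst=192.168.1.1 sport=40000 dport=53 src=192.168.1.1 dst=10.0.0.5 sport=53 dport=40000'

# Real use (needs root):  . ./ctcolor.sh; conntrack -E | colorize_ct 8.8.8.8
# Offline demo on the sample above:  ./ctcolor.sh --demo
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE" | colorize_ct 8.8.8.8
fi
```

The keyword is escaped before it is handed to sed, so a dotted IP matches only that IP and not, say, 8x8x8x8.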
IPTables
Create a function called colorize_ipt and pipe your iptables command into it like this:
# iptables -L -v -n | colorize_ipt
function colorize_ipt {
    sed -E 's/^Chain.*$/\x1b[4m&\x1b[0m/' |                                             # underline "Chain" header lines
    sed -E 's/^num.*/\x1b[33m&\x1b[0m/' |                                                # yellow column header (with --line-numbers)
    sed -E '/([^y] )((REJECT|DROP))/s//\1\x1b[31m\3\x1b[0m/' |                           # red REJECT/DROP targets ([^y] skips "policy DROP")
    sed -E '/([^y] )(ACCEPT)/s//\1\x1b[32m\2\x1b[0m/' |                                  # green ACCEPT targets
    sed -E '/([ds]pt[s]?:)([[:digit:]]+(:[[:digit:]]+)?)/s//\1\x1b[33;1m\2\x1b[0m/' |    # bold yellow ports and port ranges
    sed -E '/([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}(\/([[:digit:]]){1,3}){0,1}/s//\x1b[36;1m&\x1b[0m/g' |  # bold cyan IPs/CIDRs
    sed -E '/([^n] )(LOGDROP)/s//\1\x1b[33;1m\2\x1b[0m/' |                               # bold yellow LOGDROP target ([^n] skips "Chain LOGDROP")
    sed -E 's/ LOG /\x1b[36;1m&\x1b[0m/'                                                 # bold cyan LOG target
}
Or perhaps a script, which is easier to read ;) Run it as ./colorize_ipt.sh iptables -L -v -n:
#!/bin/bash
# Usage: ./colorize_ipt.sh iptables -L -v -n
function colorize {
    sed -E 's/^Chain.*$/\x1b[4m&\x1b[0m/' |
    sed -E 's/^num.*/\x1b[33m&\x1b[0m/' |
    sed -E '/([^y] )((REJECT|DROP))/s//\1\x1b[31m\3\x1b[0m/' |
    sed -E '/([^y] )(ACCEPT)/s//\1\x1b[32m\2\x1b[0m/' |
    sed -E '/([ds]pt[s]?:)([[:digit:]]+(:[[:digit:]]+)?)/s//\1\x1b[33;1m\2\x1b[0m/' |
    sed -E '/([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}(\/([[:digit:]]){1,3}){0,1}/s//\x1b[36;1m&\x1b[0m/g' |
    sed -E '/([^n] )(LOGDROP)/s//\1\x1b[33;1m\2\x1b[0m/' |
    sed -E 's/ LOG /\x1b[36;1m&\x1b[0m/'
}
# run the command given as arguments ("$@" keeps quoted arguments intact) and colorize its output
"$@" | colorize
I found these sed commands on the internet, by the way, so I'm not responsible for the awesome regex!