I wrote up afctl (the command line tool to manage the OS X Server Adaptive Firewall) a while back at https://krypted.com//mac-security/a-little-more-about-afctl-in-os-x-server. One thing I didn’t touch on is statistics. There’s a nice little command called hb_summary, located in /Applications/Server.app/Contents/ServerRoot/System/Library/CoreServices/AdaptiveFirewall.bundle/Contents/MacOS, that provides statistics for blocked hosts. To see statistics about how much the Adaptive Firewall is being used, just run the command with no options:
/Applications/Server.app/Contents/ServerRoot/System/Library/CoreServices/AdaptiveFirewall.bundle/Contents/MacOS/hb_summary
The output provides the following information (helpful if plugging this information into a tool like Splunk):
- Date
- Date statistics start
- Number of hosts blocked
- Addresses blocked
- Number of times each address was blocked
- Last time a host was blocked
- Total number of times a block was issued