changeset 52:8cfb71b296da

Added colour-coded grouping of IP addresses in summary table.
author Matti Hamalainen <ccr@tnsp.org>
date Sun, 16 Aug 2009 03:36:27 +0300
parents d8d4d598903e
children dc072a56f343
files README maltfilter
diffstat 2 files changed, 44 insertions(+), 19 deletions(-) [+]
--- a/README	Sun Aug 16 02:59:22 2009 +0300
+++ b/README	Sun Aug 16 03:36:27 2009 +0300
@@ -1,4 +1,4 @@
-Malicious Attack Livid Termination Filter daemon (maltfilter) v0.12.2
+Malicious Attack Livid Termination Filter daemon (maltfilter) v0.12.3
 =====================================================================
 Programmed by Matti 'ccr' Hämäläinen <ccr@tnsp.org>
 (C) Copyright 2009 Tecnic Software productions (TNSP)
--- a/maltfilter	Sun Aug 16 02:59:22 2009 +0300
+++ b/maltfilter	Sun Aug 16 03:36:27 2009 +0300
@@ -10,7 +10,7 @@
 use Date::Parse;
 use Net::IP;
 
-my $progversion = "0.12.2";
+my $progversion = "0.12.3";
 my $progbanner =
 "Malicious Attack Livid Termination Filter daemon (maltfilter) v$progversion\n".
 "Programmed by Matti 'ccr' Hamalainen <ccr\@tnsp.org>\n".
@@ -235,7 +235,7 @@
 {
   my $fh = $_[1];
   if ($_[0]) {
-    my $s = defined($_[3]) ? " class=\"$_[3]\"" : "";
+    my $s = defined($_[3]) ? " ".$_[3]." " : "";
     print $fh "<td".$s.">".$_[2]."</td>";
   } else {
     print $fh $_[2];
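Review bot: printTD's fourth argument is now spliced into the `<td>` tag as raw attribute text rather than as a class name, so every caller must pass the full `name="value"` form and nothing is escaped; that contract is not stated anywhere, and a comment above the sub would prevent a future caller from passing a bare class again, e.g. `# $_[3]: optional raw HTML attribute string (e.g. 'class="blocked"'), inserted unescaped -- pass only fixed literal values`. The `" ".$_[3]." "` wrapping also leaves a stray space before the closing `>` (`<td class="x" >`); `" ".$_[3]` alone is enough. printTD's signature is above the hunk.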
@@ -334,6 +334,31 @@
   printP($m, $f, bb($m).$ntotal.eb($m)." entries total.\n");
 }
 
+sub cmp_ips($$$)
+{
+  my @ipa = split(/\./, $_[1]);
+  my @ipb = split(/\./, $_[2]);
+  for (my $i = 0; $i < 4; $i++) {
+    return -1 if ($ipa[$i] > $ipb[$i]);
+    return  1 if ($ipa[$i] < $ipb[$i]);
+  }
+  return 0;
+}
+
+sub test_ips($$)
+{
+  my @ipa = split(/\./, $_[0]);
+  my @ipb = split(/\./, $_[1]);
+  for (my $i = 0; $i < 3; $i++) {
+    return $i if ($ipa[$i] != $ipb[$i]);
+  }
+  return 4;
+}
+
+my @ipcolors = (
+  "#666",
+  "#777",
+);
 
 sub print_table2($$$$$$)
 {
@@ -345,10 +370,19 @@
   printElem($m, $f,
   "<table class=\"".$class."\">\n<tr>". $str."<th> </th>".$str ."</tr>\n",
   $str2." || ".$str2."\n");
+
+  my @previp = ("0.0.0.0", "0.0.0.0");
+  my @ncolor = (0, 0);
   
   my $printEntry = sub {
-    my $blocked = defined($blocklist{$_[0]}) ? "blocked" : "unblocked";
-    printTD($m, $f, sprintf("%-15s", get_link($m, $_[0])), $blocked);
+    my $blocked = "class=\"".(defined($blocklist{$_[0]}) ? "blocked" : "unblocked")."\"";
+    if (test_ips($previp[$_[1]], $_[0]) < 3) {
+      $ncolor[$_[1]]++;
+    }
+    $previp[$_[1]] = $_[0];
+    my $str = "style=\"background: ".$ipcolors[$ncolor[$_[1]] % scalar @ipcolors].";\"";
+
+    printTD($m, $f, sprintf("%-15s", get_link($m, $_[0])), $str);
     printElem(!$m, $f, " | ");
     printTD($m, $f, sprintf("%-8d ", $table->{$_[0]}{"hits"}), $blocked);
     printElem(!$m, $f, " | ");
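Review bot: The `my $str` declared inside `$printEntry` on the `style="background: …"` line shadows the outer `$str` that the `<table>` header line above still uses, which is legal but easy to misread; rename it, e.g. `my $style = "style=\"background: ".$ipcolors[$ncolor[$_[1]] % scalar @ipcolors].";\"";`. The IP-address cell also loses its blocked/unblocked class, because `$str` replaces `$blocked` in the first printTD call while only the hits cell keeps it; if the stylesheet keys on that class for the address column, both attributes can be passed now that printTD takes a raw attribute string: `printTD($m, $f, sprintf("%-15s", get_link($m, $_[0])), $blocked." ".$style);`. Since `@previp` starts at "0.0.0.0", the first entry in each column almost always bumps `$ncolor` to 1 and the first colour in `@ipcolors` is skipped, which is harmless with two colours but worth a one-line comment. print_table2 begins and ends outside the hunk.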
@@ -364,13 +398,14 @@
   my @mkeys = sort { $func->($table, $a, $b) } keys %{$keys};
   my $nkeys = scalar @mkeys;
   my $kmax = $nkeys / 2;
+  
   for (my $i = 0; $i <= $kmax; $i++) {
     printElem($m, $f, " <tr>");
     if ($i < $kmax) {
-      $printEntry->($mkeys[$i]);
+      $printEntry->($mkeys[$i], 0);
       printElem($m, $f, "<th> </th>", " || ");
     }
-    if ($i + $kmax + 1 < $nkeys) { $printEntry->($mkeys[$i + $kmax + 1]); }
+    if ($i + $kmax + 1 < $nkeys) { $printEntry->($mkeys[$i + $kmax + 1], 1); }
     printElem($m, $f, "</tr>\n", "\n");
   }
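Review bot: The line added after `my $kmax = $nkeys / 2;` is whitespace-only (trailing spaces) and should be dropped. The new second argument to `$printEntry` is a column index that selects the `$previp`/`$ncolor` slot, which is not evident at the call sites; a comment such as `# 2nd arg: column (0 = left, 1 = right), selects the per-column colour-grouping state` above the loop would make the 0/1 literals readable. print_table2 begins and ends outside the hunk.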
 
@@ -378,17 +413,6 @@
   printP($m, $f, bb($m).$nkeys.eb($m)." entries total, ".bb($m).$nhits.eb($m)." hits total.\n");
 }
 
-sub cmp_ips($$$)
-{
-  my @ipa = split(/\./, $_[1]);
-  my @ipb = split(/\./, $_[2]);
-  for (my $i = 0; $i < 4; $i++) {
-    return -1 if ($ipa[$i] > $ipb[$i]);
-    return  1 if ($ipa[$i] < $ipb[$i]);
-  }
-  return 0;
-}
-
 sub cmp_hits($$$)
 {
   return $_[0]->{$_[2]}{"hits"} <=> $_[0]->{$_[1]}{"hits"};
@@ -461,7 +485,8 @@
   print_table2($m, $f, \%statlist, \%statlist, \&cmp_ips, "global");
 
   printH($m, $f, 2, "Ignored entries");
-  printP($m, $f, "List of hits that were ignored (not acted upon), because the test was disabled.\n");
+  printP($m, $f, "List of hits that were ignored (not acted upon), because the test was disabled.\n".
+  "Notice that the entry may be blocked due to other checks, however.\n");
   print_table1($m, $f, \%ignorelist, \%ignorelist, \&cmp_hits, "ignored");
 
   printElem($m, $f, "</body>\n</html>\n");