Thomas Bullinger
    - Contributed patches for the --no-jumps option
    - Wrote the script to download the latest stable snort
    - Bugfix for correct IP protocol number.
    - Bugfix for missed --ipt-script option.
    - Suggested the ability to specify multiple sid's with the --snort-sids

Paul O'Neil
    - Discovered missed DMZ interface code bug.

Ahmad Almulhem
    - Suggested --ipt-tos and --ipt-mark options
    - Suggested ability to manually specify interface networks instead of
      automatically parsing the output of ifconfig. This allows fwsnort to be
      run on a system where no IP is assigned to an interface such as a Linux
      box that is acting as a bridge.

Hank Leininger
    - Suggested the combination of the QUEUE target and string matching as a
      way to speed up inline Snort implementations. This suggestion was made
      at a talk I gave about Linux Firewalls at ShmooCon 2007, and the
      --NFQUEUE and --QUEUE command line arguments were the result.

Grant Ferley
    - Submitted patch to exclude loopback interfaces from iptables allow rules
      parsing. This behavior can be reversed with the existing
      --no-exclude-loopback command line argument.
    - Submitted patch to IPTables::Parse to take into account iptables policy
      output that contains "0" instead of "all" to represent any protocol.
    - Suggested bugfix to allow negated networks to be specified within
      iptables allow rules or within the fwsnort.conf file.

Franck Joncourt
    - Submitted patch to fix double dash format in fwsnort man page.
    - Architected the process of packaging fwsnort (and the other Cipherdyne
      projects) for the Debian Linux distribution.
    - Submitted fwsnort documentation fixes for the ChangeLog and fwsnort man
    - Suggested creating the Snort rules directory if it doesn't already exist
      when downloading the rules from Emerging Threats.
    - Submitted patch for the MAX_STRING_LEN protection around iptables string
      match arguments.
    - Submitted patch for fwsnort to use the "! <option> <arg>" syntax instead
      of the older "<option> ! <arg>" for the iptables command line.

Justin B Rye
    - Suggested wording updates for the fwsnort(8) man page in support of the
      Debian package for fwsnort.

    - Asked about whether fwsnort could be updated to apply to IPv6 traffic
      on the fwsnort mailing list.

Guillermo Gomez
    - Fedora maintainer of fwsnort.
    - Suggested a default logging location of /var/log/fwsnort/fwsnort.log
      instead of /var/log/fwsnort.log. The result was the addition of the
      LOG_DIR and associated variables in the fwsnort.conf file.

Andy Rowland
    - Found a bug where fwsnort would attempt to use an invalid URL when
      updating the Emerging Threats rule set via --update-rules.

Yves Pagani
    - Found a bug where fwsnort could build iptables --log-prefix strings that
      are longer than the underlying iptables firewall would allow.

Kim Hagen
    - Submitted a patch for a bug in fwsnort-1.6 where the fwsnort policy in
      iptables-save format could not be loaded whenever iptables-save put the
      nat table output after the filter table output. In this case, fwsnort
      would fail with an error like the following (fixed in fwsnort-1.6.1):

        Couldn't load target
        cannot open shared object file: No such file or directory

Peter Vrabec
    - Suggested a new directory /var/lib/fwsnort/ for the script
      and associated files (,, etc.).