You can clone with
Cannot retrieve contributors at this time
Thomas Bullinger - Contributed patches for the --no-jumps option - Wrote the makefwsnort.sh script to download the latest stable snort rules. - Bugfix for correct IP protocol number. - Bugfix for missed --ipt-script option. - Suggested the ability to specify multiple sid's with the --snort-sids option.Paul O'Neil - Discovered missed DMZ interface code bug.Ahmad Almulhem - Suggested --ipt-tos and --ipt-mark options - Suggested ability to manually specify interface networks instead of automatically parsing the output of ifconfig. This allows fwsnort to be run on a system where no IP is assigned to an interface such as a linux box that is acting as a bridge.Hank Leininger - Suggested the combination of the QUEUE target and string matching as a way to speed up inline Snort implementations. This suggestion was made at a talk I gave about Linux Firewalls at ShmooCon 2007, and the --NFQUEUE and --QUEUE command line arguements were the result.Grant Ferley - Submitted patch to exclude loopback interfaces from iptables allow rules parsing. This behavior can be reversed with the existing --no-exclude-loopback command line argument. - Submitted patch to IPTables::Parse to take into account iptables policy output that contains "0" instead of "all" to represent any protocol. - Suggested bugfix to allow negated networks to be specified within iptables allow rules or within the fwsnort.conf file.Franck Joncourt - Submitted patch to fix double dash format in fwsnort man page. - Architected the process of packaging fwsnort (and the other Cipherdyne projects) for the Debian Linux distribution. - Submitted fwsnort documentation fixes for the ChangeLog and fwsnort man page. - Suggested creating the Snort rules directory if it doesn't already exist when downloading the rules from Emerging Threats. - Submitted patch for the MAX_STRING_LEN protection around iptables string match arguments. - Submitted patch for fwsnort to use the "! <option> <arg>" syntax instead of the older "<option> ! <arg>" for the iptables command line.Justin B Rye - Suggested wording updates for the fwsnort(8) man page in support of the Debian package for fwsnort.D T - Asked about whether fwsnort could be updated to apply to IPv6 traffic on the fwsnort mailing list.Guillermo Gomez - Suggested a default logging location of /var/log/fwsnort/fwsnort.log instead of /var/log/fwsnort.log. The result was the addition of the LOG_DIR and associated variables in the fwsnort.conf file.Andy Rowland - Found a bug where fwsnort would attempt to use an invalid URL when updating the Emerging Threats rule set via --update-rules.Yves Pagani - Found a bug where fwnsort could build iptables --log-prefix strings that are longer than the underlying iptables firewall would allow.