added a test suite for fwsnort

ChangeLog

@@ -17,6 +17,9 @@ fwsnort-1.6.3 (12/18/2012):
       iptables capabilities are not tested.
     - (Andrew Merenbach) Bug fix to properly honor --exclude-regex filtering
       option.
+    - Added fwsnort test suite to the test/ directory.  This mimics the test
+      suites from the psad and fwknop projects, and it designed to examine
+      many of the run time results of fwsnort.
     - Updated to bundle the latest Emerging Threats rule set.
 
 fwsnort-1.6.2 (04/28/2012):

test/conf/default_fwsnort.conf

@@ -0,0 +1,116 @@
+#
+###########################################################################
+#
+#  This is the configuration file for fwsnort.  There are some similarities
+#  between this file and the configuration file for Snort.
+#
+###########################################################################
+#
+
+### Fwsnort treats all traffic directed to / originating from the local
+### machine as going to / coming from the HOME_NET in Snort rule parlance.
+### If there is only one interface on the local system, then there will be
+### no rules processed via the FWSNORT_FORWARD chain because no traffic
+### would make it into the iptables FORWARD chain.
+HOME_NET                any;
+EXTERNAL_NET            any;
+
+### List of servers.  Fwsnort supports the same variable resolution as
+### Snort.
+HTTP_SERVERS            $HOME_NET;
+SMTP_SERVERS            $HOME_NET;
+DNS_SERVERS             $HOME_NET;
+SQL_SERVERS             $HOME_NET;
+TELNET_SERVERS          $HOME_NET;
+
+### AOL AIM server nets
+AIM_SERVERS             [64.12.24.0/24, 64.12.25.0/24, 64.12.26.14/24, 64.12.28.0/24, 64.12.29.0/24, 64.12.161.0/24, 64.12.163.0/24, 205.188.5.0/24, 205.188.9.0/24];
+
+### Configurable port numbers
+SSH_PORTS               22;
+HTTP_PORTS              80;
+SHELLCODE_PORTS         !80;
+ORACLE_PORTS            1521;
+
+### Default update URL for new rules.  This variable can be given multiple
+### times on separate lines in order to specify multiple update URL's:
+#UPDATE_RULES_URL       <url1>
+#UPDATE_RULES_URL       <url2>
+UPDATE_RULES_URL        http://rules.emergingthreats.net/open/snort-2.9.0/emerging-all.rules;
+
+### define average packet lengths and maximum frame length.  This is
+### used for iptables length match emulation of the Snort dsize option.
+AVG_IP_HEADER_LEN       20;   ### IP options are not usually used.
+AVG_TCP_HEADER_LEN      30;   ### Include 10 bytes for options
+MAX_FRAME_LEN           1500;
+
+### define the max length of the content (null terminated string) that
+### can be passed to either the --hex-string or --string iptables matches.
+### Note that as of fwsnort-1.5, the max string length supported by the
+### local iptables instance is automatically determined, so this variable
+### is not really needed, and just allows a max value to be set
+### independently of what iptables supports.
+MAX_STRING_LEN          1024;
+
+### Use the WHITELIST variable to define a list of hosts/networks
+### that should be completely ignored by fwsnort.  For example, if you
+### want to whitelist the IP 192.168.10.1 and the network 10.1.1.0/24,
+### you would use (note that you can also specify multiple WHITELIST
+### variables, one per line):
+#WHITELIST             192.168.10.1, 10.1.1.0/24;
+WHITELIST               NONE;
+
+### Use the BLACKLIST variable to define a list of hosts/networks
+### that for which fwsnort should DROP or REJECT all traffic.  For
+### example, to DROP all traffic from the 192.168.10.0/24 network, you
+### can use:
+###     BLACKLIST            192.168.10.0/24    DROP;
+### To have fwsnort REJECT all traffic from 192.168.10.0/24, you would
+### use:
+###     BLACKLIST            192.168.10.0/24    REJECT;
+BLACKLIST               NONE;
+
+### define the jump position in the built-in chains to jump to the
+### fwsnort chains
+FWSNORT_INPUT_JUMP      1;
+FWSNORT_OUTPUT_JUMP     1;
+FWSNORT_FORWARD_JUMP    1;
+
+### iptables chains (these do not normally need to be changed).
+FWSNORT_INPUT           FWSNORT_INPUT;
+FWSNORT_INPUT_ESTAB     FWSNORT_INPUT_ESTAB;
+FWSNORT_OUTPUT          FWSNORT_OUTPUT;
+FWSNORT_OUTPUT_ESTAB    FWSNORT_OUTPUT_ESTAB;
+FWSNORT_FORWARD         FWSNORT_FORWARD;
+FWSNORT_FORWARD_ESTAB   FWSNORT_FORWARD_ESTAB;
+
+### fwsnort filesystem paths
+INSTALL_ROOT            fwsnort-install;
+CONF_DIR                $INSTALL_ROOT/etc/fwsnort;
+RULES_DIR               $CONF_DIR/snort_rules;
+LOG_DIR                 $INSTALL_ROOT/var/log/fwsnort;
+LIBS_DIR                $INSTALL_ROOT/usr/lib/fwsnort;  ### for perl modules
+STATE_DIR               $INSTALL_ROOT/var/lib/fwsnort;
+QUEUE_RULES_DIR         $STATE_DIR/snort_rules_queue;
+ARCHIVE_DIR             $STATE_DIR/archive;
+
+CONF_FILE               $CONF_DIR/fwsnort.conf;
+LOG_FILE                $LOG_DIR/fwsnort.log;
+FWSNORT_SCRIPT          $STATE_DIR/fwsnort_iptcmds.sh;  ### slow version
+FWSNORT_SAVE_EXEC_FILE  $STATE_DIR/fwsnort.sh;    ### main fwsnort.sh script
+FWSNORT_SAVE_FILE       $STATE_DIR/fwsnort.save;  ### main fwsnort.save file
+IPT_BACKUP_SAVE_FILE    $STATE_DIR/iptables.save; ### iptables policy backup
+
+### system binaries
+shCmd                   /bin/sh;
+echoCmd                 /bin/echo;
+tarCmd                  /bin/tar;
+wgetCmd                 /usr/bin/wget;
+unameCmd                /usr/bin/uname;
+ifconfigCmd             /sbin/ifconfig;
+iptablesCmd             /sbin/iptables;
+iptables-saveCmd        /sbin/iptables-save;
+iptables-restoreCmd     /sbin/iptables-restore;
+ip6tablesCmd            /sbin/ip6tables;
+ip6tables-saveCmd       /sbin/ip6tables-save;
+ip6tables-restoreCmd    /sbin/ip6tables-restore;