Use '-p all' instead of '-p ip', closes #10

CREDITS

@@ -104,3 +104,7 @@ Paulo Bruck
     - Submitted a patch to fix a bug in fwsnort usage of the iptables
       --ulog-prefix option (an invalid quote was being used previous to the
       fix).
+
+Github user mgaulton:
+    - Reported an issue where the iptables 'all' keyword should have been used
+      intead of 'ip' to represent all IP protocols as the argument to -p.

ChangeLog

@@ -1,3 +1,8 @@
+fwsnort-1.6.6 (11//2014):
+    - Fixed an issue for Snort rules against all IP protocols should be
+      translated with the iptables '-p all' argument instead of '-p ip'. This
+      issue was reported by Github user mgaulton.
+
 fwsnort-1.6.5 (08/26/2014):
     - (Paulo Bruck) Submitted a patch to fix a bug in fwsnort usage of the
       iptables --ulog-prefix option (an invalid quote was being used previous

fwsnort

@@ -1808,7 +1808,8 @@ sub ipt_build_rule() {
         }
 
         if ($hdr_hr->{'proto'} =~ /ip/) {
-            $rule .= " $ipt_hdr_opts{'proto'} $hdr_hr->{'proto'}";
+            ### the special iptables keyword 'all' means all IP protocols
+            $rule .= " $ipt_hdr_opts{'proto'} all";
         } else {
             $rule .= " $ipt_hdr_opts{'proto'} $hdr_hr->{'proto'} " .
                 "-m $hdr_hr->{'proto'}";