From c174590a238ecf0cfc46357f7c9cd611e171f506 Mon Sep 17 00:00:00 2001
From: Michael Rash
Date: Sun, 15 Nov 2015 20:33:33 -0500
Subject: [PATCH] Use '-p all' instead of '-p ip', closes #10
---
 CREDITS | 4 ++++
 ChangeLog | 5 +++++
 fwsnort | 3 ++-
 3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/CREDITS b/CREDITS
index 0044f64..1f997fd 100644
--- a/CREDITS
+++ b/CREDITS
@@ -104,3 +104,7 @@ Paulo Bruck
   - Submitted a patch to fix a bug in fwsnort usage of the iptables --ulog-prefix option (an invalid quote was being used previous to the fix).
+
+Github user mgaulton:
+  - Reported an issue where the iptables 'all' keyword should have been used
+    intead of 'ip' to represent all IP protocols as the argument to -p.
diff --git a/ChangeLog b/ChangeLog
index 3d535fc..dc97634 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+fwsnort-1.6.6 (11//2014):
+  - Fixed an issue for Snort rules against all IP protocols should be translated with the iptables '-p all' argument instead of '-p ip'. This issue was reported by Github user mgaulton.
+
 fwsnort-1.6.5 (08/26/2014):
   - (Paulo Bruck) Submitted a patch to fix a bug in fwsnort usage of the iptables --ulog-prefix option (an invalid quote was being used previous
diff --git a/fwsnort b/fwsnort
index 960752e..a9150f0 100755
--- a/fwsnort
+++ b/fwsnort
@@ -1808,7 +1808,8 @@ sub ipt_build_rule() {
     }
 
     if ($hdr_hr->{'proto'} =~ /ip/) {
-        $rule .= " $ipt_hdr_opts{'proto'} $hdr_hr->{'proto'}";
+        ### the special iptables keyword 'all' means all IP protocols
+        $rule .= " $ipt_hdr_opts{'proto'} all";
     } else {
         $rule .= " $ipt_hdr_opts{'proto'} $hdr_hr->{'proto'} " .
             "-m $hdr_hr->{'proto'}";
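Review bot: The branch that now emits `all` is chosen by `$hdr_hr->{'proto'} =~ /ip/`, an unanchored, case-sensitive substring match, so any protocol token that merely contains "ip" is rewritten to `-p all`, while a token spelled `IP` misses the match and falls into the else branch, where it is appended verbatim as `-p IP -m IP`. Anchoring the test, `if ($hdr_hr->{'proto'} =~ /^ip$/i) {`, limits the `all` mapping to the literal Snort `ip` protocol that the commit is about. In the else branch the protocol token from the parsed Snort rule is still interpolated unvalidated into the iptables rule string; if ipt_build_rule does not check it earlier against the protocols fwsnort actually translates, a malformed or unexpected token surfaces only as an iptables error at load time rather than as a clear fwsnort diagnostic, so an explicit allow-list check before this `if` would be worth adding. The enclosing `sub ipt_build_rule()` begins and ends outside this hunk, so any such check earlier in the sub is not visible here.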