Commits on May 27, 2012
Commits on Feb 17, 2012
  1. Switched --no-ipt-sync to default to not syncing with the iptables policy

    By default fwsnort attempts to match translated Snort rules to the running
    iptables policy, but this is tough to do well because iptables policies can be
    complex.  And, before fwsnort switched to the iptables-save format for
    instantiating the policy, a large set of translated rules could take a really
    long time to make active within the kernel.  Finally, many Snort rules restrict
    themselves to established TCP connections anyway, and if a restrictive policy
    doesn't allow connections to get into the established state for some port let's
    say, then there is little harm in having translated Snort rules for this port.
    Some kernel memory would be wasted (small), but no performance would be lost
    since packets won't be processed against these rules anyway.  The end result is
    that the default behavior is now to not sync with the local iptables policy in
    favor of translating and instantiating as many rules as possible.
    
    This commit also moves the fwsnort.sh script and associated files into the
    /var/lib/fwsnort/ directory.
Commits on Jul 22, 2011
  1. Added support for rules updates from several URLs

    Added support for grabbing Snort rules from multiple URLs via a new variable
    UPDATE_RULES_URL in the /etc/fwsnort/fwsnort.conf file.  This variable can be
    specified multiple times.
Commits on Jul 6, 2011
Commits on Jun 19, 2011
  1. Removed legacy $Id$ tags (for old svn repos)

    $Id$ tags don't really mean anything to git so they have been removed from all
    source files.
Commits on Dec 31, 2010
  1. added the ability to build ip6tables policies in ip6tables-save format

    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@548 af5c991a-1414-0410-86ad-c3437102cd4a
Commits on Dec 23, 2010
  1. moved to instantiate the fwsnort iptables-save policy via /etc/fwsnort/fwsnort.sh

    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@531 af5c991a-1414-0410-86ad-c3437102cd4a
Commits on Dec 14, 2010
  1. - Updated to automatically check for the maximum length string that the

    string match supports, and this is used to throw out any Snort rules
    with content matches longer than this length.

    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@530 af5c991a-1414-0410-86ad-c3437102cd4a
Commits on Jul 23, 2010
  1. Major update to begin moving to using the iptables-save format instead of the older

    strategy to always just execute iptables commands directly.

    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@528 af5c991a-1414-0410-86ad-c3437102cd4a
Commits on Jan 5, 2010
  1. - Updated fwsnort to create logs in the /var/log/fwsnort/ directory

      instead of directly in the /var/log/ directory.  The path is controlled
      by a new variable 'LOG_FILE' in the /etc/fwsnort/fwsnort.conf file.
    - Added several variables in /etc/fwsnort/fwsnort.conf to control paths
      to everything from the config file to the snort rules path.  Coupled
      with this is the ability to create variables within path components and
      fwsnort will expand them (e.g. 'CONF_DIR /etc/fwsnort;
      CONF_FILE $CONF_DIR/fwsnort.conf').
    - Added --Last-cmd arg so that it is easy to rebuild the fwsnort.sh script
      with the same command line args as the previous execution.
    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@514 af5c991a-1414-0410-86ad-c3437102cd4a
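The path-variable expansion and the repeatable UPDATE_RULES_URL setting described in the commits above, as an added Python example that is not fwsnort's own (Perl) code. It assumes the "KEY value;" line format shown in the message, treats only UPDATE_RULES_URL as multi-valued, and the sample config is constructed.

```python
import re

# Constructed sample in the "KEY value;" style described in the commit message;
# not a real fwsnort.conf.  UPDATE_RULES_URL is repeated on purpose.
SAMPLE_CONF = """\
# paths to everything are variables, and later values may reference earlier ones
CONF_DIR            /etc/fwsnort;
CONF_FILE           $CONF_DIR/fwsnort.conf;
LOG_DIR             /var/log/fwsnort;
LOG_FILE            $LOG_DIR/fwsnort.log;
UPDATE_RULES_URL    http://rules.example.invalid/a.tar.gz;
UPDATE_RULES_URL    http://rules.example.invalid/b.tar.gz;
"""

MULTI_VALUED = {"UPDATE_RULES_URL"}   # keys that may appear more than once (assumption)
VAR_RE = re.compile(r"\$(\w+)")


def parse_conf(text):
    """Return {KEY: value}; multi-valued keys map to a list.  $VAR references
    are expanded from single-valued keys defined earlier in the file, so an
    undefined or multi-valued reference is an error rather than a silent blank."""
    conf = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.rstrip(";").strip().split(None, 1)
        if len(parts) != 2:
            raise ValueError("line %d: expected 'KEY value;'" % lineno)
        key, value = parts

        def expand(match, lineno=lineno):
            name = match.group(1)
            if name not in conf or isinstance(conf[name], list):
                raise ValueError("line %d: cannot expand $%s" % (lineno, name))
            return conf[name]

        value = VAR_RE.sub(expand, value)
        if key in MULTI_VALUED:
            conf.setdefault(key, []).append(value)
        elif key in conf:
            raise ValueError("line %d: duplicate key %s" % (lineno, key))
        else:
            conf[key] = value
    return conf
```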
Commits on Dec 22, 2009
  1. - Added the ability to build an fwsnort policy that utilizes ip6tables

    instead of iptables.  This allows fwsnort filtering and altering
    capabilities to apply to IPv6 traffic instead of just IPv4 traffic.  To
    enable ip6tables usage, use the "-6" or "--ip6tables" command line
    arguments.
    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@511 af5c991a-1414-0410-86ad-c3437102cd4a
Commits on Jan 31, 2009
  1. From: Franck Joncourt <franck.mail@dthconnex.com>

    Subject: [PATCH] fixes/content_length
    
    [quote]
    iptables v1.4.2: STRING too long `|7c|XML|7c
    7c|if|7c|SPAN|7c|navigator|7c|CDATA|7c|http|7c|com|7c|w2k3|7c|appVersion|7c|
    version|7c|nt|7c|7c|X|7c|MSIE|7c|wxp|7c|114|7c|HTML|7c|DATAFLD|7c|DATASRC|7c|
    DATAFORMATAS|7c|ID|7c|while|7c|2003|7c|'
    [/quote]
    
    For the --hex-string and --string matches, if the argument exceeds 128 bytes
    (iptables 1.4.2) then iptables fails as above.
    
    Thus, this patch adds a new variable in fwsnort.conf "MAX_STRING_LEN", so that
    the size of the content can be limited. If the content (null terminated string)
    is more than MAX_STRING_LEN chars, fwsnort throws the rule away.
    
    Signed-off-by: Franck Joncourt <franck.mail@dthconnex.com>
    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@481 af5c991a-1414-0410-86ad-c3437102cd4a
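The length check this patch describes (and that the Dec 14, 2010 commit above later derives automatically from the running string match), as an added Python example rather than fwsnort's own Perl: decode a Snort content string, where |..| runs are hex bytes, and compare the decoded byte length against MAX_STRING_LEN. The 128-byte default is the iptables 1.4.2 limit quoted in the message; the function names and the backslash-escape handling are assumptions.

```python
# Added example, not fwsnort code: decide whether a Snort content match can be
# handed to the iptables string match without tripping "STRING too long".
MAX_STRING_LEN = 128  # default taken from the iptables 1.4.2 limit quoted above


def snort_content_to_bytes(content: str) -> bytes:
    """Decode a Snort content string: text between a pair of '|' is hex bytes,
    everything else is literal, and a backslash escapes the next character."""
    out = bytearray()
    hexbuf = None        # None outside a |..| run, else the hex digits seen so far
    i = 0
    while i < len(content):
        c = content[i]
        if hexbuf is not None:
            if c == "|":
                out.extend(bytes.fromhex(hexbuf))  # fromhex tolerates spaces between bytes
                hexbuf = None
            else:
                hexbuf += c
        elif c == "|":
            hexbuf = ""
        elif c == "\\" and i + 1 < len(content):
            i += 1
            out.append(ord(content[i]))
        else:
            out.append(ord(c))
        i += 1
    if hexbuf is not None:
        raise ValueError("unterminated |hex| run in content: %r" % content)
    return bytes(out)


def to_hex_string(data: bytes) -> str:
    """Render bytes in the |hex| form that iptables --hex-string accepts."""
    return "|" + data.hex() + "|"


def check_content(content: str, max_len: int = MAX_STRING_LEN):
    """Return (keep, decoded_len, hex_string).  keep is False when the decoded
    content is longer than max_len, i.e. the rule would be thrown away rather
    than produce an iptables rule that fails to load."""
    data = snort_content_to_bytes(content)
    return len(data) <= max_len, len(data), to_hex_string(data)
```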
Commits on Aug 9, 2008
  1. Updated to import perl modules from /usr/lib/fwsnort, but only if this

    path actually exists in the filesystem.  This is similar to the strategy
    implemented by psad.  A new variable FWSNORT_LIBS_DIR was added to the
    fwsnort.conf to support this.
    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@442 af5c991a-1414-0410-86ad-c3437102cd4a
Commits on Aug 26, 2007
  1. increased average TCP header length to 30 bytes to account for 10 bytes of options on ACK packets

    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@399 af5c991a-1414-0410-86ad-c3437102cd4a
Commits on Mar 20, 2007
  1. minor wording update

    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@356 af5c991a-1414-0410-86ad-c3437102cd4a
Commits on Mar 19, 2007
  1. Added the SSH_PORTS variable

    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@354 af5c991a-1414-0410-86ad-c3437102cd4a
Commits on Mar 16, 2007
  1. added FWSNORT_<chain>_JUMP variables to allow the admin to control where in the built-in INPUT, OUTPUT, and FORWARD chains the jump rules are added for the FWSNORT chains

    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@338 af5c991a-1414-0410-86ad-c3437102cd4a
Commits on Mar 10, 2007
  1. implemented true whitelist/blacklist functionality that is driven by the fwsnort.conf WHITELIST/BLACKLIST variables

    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@327 af5c991a-1414-0410-86ad-c3437102cd4a
Commits on Feb 16, 2007
  1. updated TCP header length

    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@293 af5c991a-1414-0410-86ad-c3437102cd4a
Commits on Nov 10, 2005
  1. added uname command

    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@257 af5c991a-1414-0410-86ad-c3437102cd4a
Commits on Jul 1, 2005
  1. updated comment wording

    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@232 af5c991a-1414-0410-86ad-c3437102cd4a
  2. added chain keywords

    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@229 af5c991a-1414-0410-86ad-c3437102cd4a
Commits on Jun 27, 2005
  1. added average packet header length vars for Netfilter length match emulation of dsize option

    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@209 af5c991a-1414-0410-86ad-c3437102cd4a
Commits on Jun 25, 2005
  1. removed interface variables for the fwsnort chain restructuring, fwsnort now supports Snort header variable resolution

    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@199 af5c991a-1414-0410-86ad-c3437102cd4a
Commits on Apr 4, 2004
  1. added IGNOREIP and IGNORENET

    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@166 af5c991a-1414-0410-86ad-c3437102cd4a
Commits on Mar 19, 2004
  1. more verbose explanations

    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@158 af5c991a-1414-0410-86ad-c3437102cd4a
Commits on Dec 20, 2003
  1. added tar and wget commands

    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@128 af5c991a-1414-0410-86ad-c3437102cd4a
Commits on Jul 26, 2003
  1. updated to cipherdyne.org, removed version numbers from directories in perl modules

    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@109 af5c991a-1414-0410-86ad-c3437102cd4a
Commits on Apr 21, 2003
  1. bug fix for INTERNAL_INTF == EXTERNAL_INTF

    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@97 af5c991a-1414-0410-86ad-c3437102cd4a
Commits on Apr 17, 2003
  1. added echo command

    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@81 af5c991a-1414-0410-86ad-c3437102cd4a
Commits on Apr 2, 2003
  1. removed NUM_INTERFACES

    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@53 af5c991a-1414-0410-86ad-c3437102cd4a
Commits on Mar 28, 2003
  1. removed variable expansion

    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@29 af5c991a-1414-0410-86ad-c3437102cd4a
Commits on Mar 26, 2003
  1. minor semicolon fix

    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@28 af5c991a-1414-0410-86ad-c3437102cd4a
Commits on Mar 25, 2003
  1. - Added several variables that exist in snort signatures such as

      SMTP_SERVERS, SHELLCODE_PORTS, etc.
    - The ____SERVERS variables default to the internal interface on
      the firewall (similar to the snort defaults of "$HOME_NET").
    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@27 af5c991a-1414-0410-86ad-c3437102cd4a
Commits on Mar 24, 2003
  1. added NUM_INTERFACES and HTTP vars

    git-svn-id: file:///home/mbr/svn/fwsnort_repos/fwsnort/trunk@25 af5c991a-1414-0410-86ad-c3437102cd4a