Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Dec 22, 2012
  1. minor version string fix

    authored
Commits on Dec 21, 2012
  1. updated 1.6.3 release date

    authored
  2. HOME_NET(any) -> EXTERNAL_NET(any) => OUTPUT chain

    authored
    Dwight Davis reported that "when EXTERNAL_NET is set to 'any' the outbound rules
    get put into the INPUT chain":  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693000
    
    This commit fixes this behavior, and forces such rules to the OUTPUT chain
    whenever the original Snort rule has HOME_NET -> EXTERNAL_NET.
Commits on Dec 20, 2012
  1. added ip6tables tests

    authored
  2. added --strict test

    authored
  3. Applied patch from Dwight Davis to fix multiple issues.

    authored
    (Dwight Davis) Contributed patches for several bugs including not
    handling --exclude-regex properly, not ignoring the deleted.rules file,
    not handling --strict mode opertions correctly, and more.  These issues
    and the corresponding patch were originally reported here:
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693000
  4. added --exclude-type tests

    authored
Commits on Dec 19, 2012
  1. iptables capabilities check optimization

    authored
    Implemented a single unified function for iptables match parameter
    length testing, and optimized to drastically reduce run time for iptables
    capabilities checks (going from over 20 seconds to less than one second
    in some cases).
  2. Added easy way to revert fwsnort iptables policy changes

    authored
    Added the ability to easily revert the fwsnort policy back to the
    original iptables policy with "/var/lib/fwsnort/fwsnort.sh -r".  Note
    that this reverts back to the policy as it was when fwsnort itself was
    executed.
  3. added a test suite for fwsnort

    authored
  4. bug fix in --no-ipt-test mode to ensure no empty lines in fwsnort.sav…

    authored
    …e related to the conntrack test
Commits on Dec 18, 2012
  1. bumped version to 1.6.3

    authored
  2. bumped version to 1.6.3

    authored
  3. minor ChangeLog update

    authored
  4. All strings with non [A-Za-z0-9] chars now converted to hex format

    authored
      Bug fix to ensure that !, <, >, and = chars in content strings are
      converted to the appropriate hex equivalents.  All content strings with
      characters outside of [A-Za-z0-9] are now converted to hex-string format
      in their entirety.  This should also fix an issue that results in the
      following error when running /var/lib/fwsnort/fwsnort.sh:
    
        Using intrapositioned negation (`--option ! this`) is deprecated in
        favor of extrapositioned (`! --option this`).
        Bad argument `bm'
        Error occurred at line: 64
        Try `iptables-restore -h' or 'iptables-restore --help' for more
        information.
            Done.
  5. added INSTALL_ROOT variable

    authored
  6. added INSTALL_ROOT variable

    authored
  7. added fwsnort-1.6.3 changes

    authored
  8. fwsnort-1.6.3 release

    authored
  9. minor README re-ordering

    authored
Something went wrong with that request. Please try again.