Dwight Davis reported that "when EXTERNAL_NET is set to 'any' the outbound rules get put into the INPUT chain": http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693000 This commit fixes this behavior, and forces such rules to the OUTPUT chain whenever the original Snort rule has HOME_NET -> EXTERNAL_NET.
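The chain-selection problem described in that report can be reproduced with a small model of the two strategies. The following is an added illustration, not fwsnort's own code: one function decides the chain after expanding $HOME_NET and $EXTERNAL_NET to their values (so "$HOME_NET -> $EXTERNAL_NET" with EXTERNAL_NET set to any looks like a rule whose destination is any and is filed under INPUT), the other decides on the variable names in the original rule header, which is the behaviour the commit describes. The rule text and variable values are constructed sample data; the regex and helper names are this example's own.

```python
import re

# Snort rule header: action proto src sport dir dst dport (rule options ignored).
HEADER_RE = re.compile(
    r'^\s*(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)'
)


def parse_header(rule):
    """Split a Snort rule into its header fields."""
    m = HEADER_RE.match(rule)
    if not m:
        raise ValueError('not a Snort rule: %r' % rule)
    return m.groupdict()


def resolve(addr, variables):
    """Replace a $VAR reference with its configured value (example helper)."""
    if addr.startswith('$'):
        return variables.get(addr[1:], addr)
    return addr


def chain_by_resolved_values(rule, variables):
    """Buggy strategy: expand the variables first, then look at the values.

    A destination equal to HOME_NET, or 'any' (which includes the local host),
    is taken as inbound and lands in INPUT.  With EXTERNAL_NET = any this
    misfiles every $HOME_NET -> $EXTERNAL_NET rule.
    """
    h = parse_header(rule)
    dst = resolve(h['dst'], variables)
    if dst == 'any' or dst == variables['HOME_NET']:
        return 'INPUT'
    return 'OUTPUT'


def chain_by_rule_variables(rule):
    """Fixed strategy: decide on the symbolic names in the original rule.

    $HOME_NET -> $EXTERNAL_NET is outbound no matter what EXTERNAL_NET expands
    to; $EXTERNAL_NET -> $HOME_NET is inbound.  Anything else defaults to
    INPUT here, an assumption of this example only.
    """
    h = parse_header(rule)
    if h['src'] == '$HOME_NET' and h['dst'] == '$EXTERNAL_NET':
        return 'OUTPUT'
    if h['src'] == '$EXTERNAL_NET' and h['dst'] == '$HOME_NET':
        return 'INPUT'
    return 'INPUT'


if __name__ == '__main__':
    # Constructed sample: EXTERNAL_NET set to 'any', as in the bug report.
    variables = {'HOME_NET': '192.168.10.0/24', 'EXTERNAL_NET': 'any'}
    outbound = 'alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"sample"; sid:1;)'
    print('by values   :', chain_by_resolved_values(outbound, variables))
    print('by variables:', chain_by_rule_variables(outbound))
```

Running it with EXTERNAL_NET set to any prints INPUT for the value-based strategy and OUTPUT for the variable-based one; with EXTERNAL_NET set to the negation of HOME_NET both agree on OUTPUT, which is why the problem only showed up for the any configuration.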
(Dwight Davis) Contributed patches for several bugs including not handling --exclude-regex properly, not ignoring the deleted.rules file, not handling --strict mode operations correctly, and more. These issues and the corresponding patch were originally reported here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693000
Added the ability to easily revert the fwsnort policy back to the original iptables policy with "/var/lib/fwsnort/fwsnort.sh -r". Note that this reverts back to the policy as it was when fwsnort itself was executed.
…e related to the conntrack test
Bug fix to ensure that !, <, >, and = chars in content strings are converted to the appropriate hex equivalents. All content strings with characters outside of [A-Za-z0-9] are now converted to hex-string format in their entirety. This should also fix an issue that results in the following error when running /var/lib/fwsnort/fwsnort.sh:

    Using intrapositioned negation (`--option ! this`) is deprecated in favor of extrapositioned (`! --option this`).
    Bad argument `bm'
    Error occurred at line: 64
    Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    Done.
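The conversion rule stated in that entry is easy to get wrong at the edges (embedded |xx xx| sections, a content that is a single punctuation character), so here is an added worked example of it. This is not fwsnort's code; it is a stand-alone Python rendering of the rule as described: a content value made only of [A-Za-z0-9] becomes a --string argument, anything else is emitted as --hex-string using iptables' |hex| notation in its entirety, so a bare ! or = never reaches iptables as its own token. The function names, the restore-line layout and the sample contents are this example's own assumptions.

```python
import re

# A |xx xx| section inside a Snort content string carries raw bytes in hex.
HEX_SECTION = re.compile(r'\|([0-9A-Fa-f\s]+)\|')


def content_to_bytes(content):
    """Expand |xx xx| sections and return the content as raw bytes."""
    out = bytearray()
    pos = 0
    for m in HEX_SECTION.finditer(content):
        out += content[pos:m.start()].encode('latin-1')
        out += bytes.fromhex(m.group(1))   # fromhex ignores the spaces
        pos = m.end()
    out += content[pos:].encode('latin-1')
    return bytes(out)


def string_match_args(content, algo='bm'):
    """Return the '-m string ...' argument list for one content value.

    Only a content made purely of [A-Za-z0-9] is passed with --string; every
    other content (binary sections, punctuation such as ! < > =) is converted
    to iptables hex-string form in its entirety.
    """
    raw = content_to_bytes(content)
    if re.fullmatch(rb'[A-Za-z0-9]+', raw):
        return ['-m', 'string', '--algo', algo, '--string', raw.decode('ascii')]
    hexstr = '|' + ' '.join('%02x' % b for b in raw) + '|'
    return ['-m', 'string', '--algo', algo, '--hex-string', hexstr]


def restore_line(chain, proto, content, target='LOG'):
    """Build one iptables-restore rule line (layout assumed for this example).

    The match string is double-quoted, the form iptables-restore parses; with
    the hex conversion in place the quoted value never begins with '!'.
    """
    args = string_match_args(content)
    quoted = ['"%s"' % a if a.startswith('|') or a == args[-1] else a for a in args]
    return '-A %s -p %s %s -j %s' % (chain, proto, ' '.join(quoted), target)


if __name__ == '__main__':
    # Constructed sample contents, including the bare '!' case.
    for c in ('GET', '!', 'a=b', 'foo|0d 0a|bar'):
        print('%-16r -> %s' % (c, ' '.join(string_match_args(c))))
    print(restore_line('FWSNORT_INPUT', 'tcp', '!'))
```

Passing content values like "!" through the old path would hand iptables a lone ! token after --string; emitting |21| instead keeps the argument unambiguous, which is the effect the entry above describes.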