Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Feb 10, 2015
Commits on Aug 27, 2014
  1. changes since 1.6.4

    authored
  2. spec files fwsnort-1.6.5 release

    authored
  3. changes since 1.6.4

    authored
  4. bumped version to 1.6.5

    authored
Commits on Feb 9, 2014
  1. (Paulo Bruck) Bug fix for --ulog-prefix option

    authored
    An invalid quote was being used previous to this commit.
Commits on Feb 2, 2014
  1. changes since 1.6.3

    authored
  2. added note about 'cat' usage

    authored
  3. bumped version to 1.6.4

    authored
Commits on Feb 1, 2014
  1. Bug fix for CVE-2014-0039

    authored
    Bug fix for vulnerability CVE-2014-0039 reported by Murray McAllister of
    the Red Hat Security Team in which an attacker-controlled fwsnort.conf
    file could be read by fwsnort when not running as root.  This was caused
    by fwsnort reading './fwsnort.conf' when not running as root and when a
    path to the config file was not explicitly set with -c on the command
    line.  This behavior has been changed to require the user to specify a
    path to fwsnort.conf with -c when not running as root.
Commits on Jan 24, 2014
Commits on Feb 8, 2013
  1. Added 'cat' and 'grep' commands

    authored
  2. switch fwsnort.sh iptables-restore exec() strategy to leverage 'cat' …

    authored
    …against fwsnort.save file (fixes CentOS deployments)
  3. minor typo fix

    authored
Commits on Dec 22, 2012
  1. minor version string fix

    authored
Commits on Dec 21, 2012
  1. updated 1.6.3 release date

    authored
  2. HOME_NET(any) -> EXTERNAL_NET(any) => OUTPUT chain

    authored
    Dwight Davis reported that "when EXTERNAL_NET is set to 'any' the outbound rules
    get put into the INPUT chain":  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693000
    
    This commit fixes this behavior, and forces such rules to the OUTPUT chain
    whenever the original Snort rule has HOME_NET -> EXTERNAL_NET.
Commits on Dec 20, 2012
  1. added ip6tables tests

    authored
  2. added --strict test

    authored
  3. Applied patch from Dwight Davis to fix multiple issues.

    authored
    (Dwight Davis) Contributed patches for several bugs including not
    handling --exclude-regex properly, not ignoring the deleted.rules file,
    not handling --strict mode opertions correctly, and more.  These issues
    and the corresponding patch were originally reported here:
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693000
  4. added --exclude-type tests

    authored
Something went wrong with that request. Please try again.