Fetching latest commit…
Cannot retrieve the latest commit at this time.
|Failed to load latest commit information.|
fwsnort (Firewall Snort) Version: 0.6.4 Author: Michael Rash <email@example.com> Website: http://www.cipherdyne.org/fwsnort/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- INSTALLATION: (See the INSTALL file in the source directory.) =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- **IMPORTANT**: fwsnort requires the iptables string match module in order to be able to detect application layer attacks. In addition, fwsnort extends iptables by adding a "--hex-string" option with a patch against iptables/extensions/libipt_string.c. This patch has been accepted by the iptables maintainers and is a part of iptables as of the 1.2.9 release. If you are running a version of iptables that is less than 1.2.9, then you will need to apply the patch yourself (the patch is against iptables-1.2.7a). The basic steps to do this are: -download iptables-1.2.7a.tar.bz2 from http://www.netfilter.org -tar xvfj iptables-1.2.7a.tar.bz2 -cp fwsnort-0.1/libipt_string.c.patch iptables-1.2.7a/extensions -cd iptables-1.2.7a/extensions -patch libipt_string.c libipt_string.c.patch -compile and install iptables =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- DESCRIPTION: fwsnort is a perl script that translates snort rules into equivalent iptables rules. Some snort rule options such as "content-list", and "sameip" have no direct translation into iptables options so not all snort rules can be translated. However approximately 65% of all snort signatures can be successfully translated through the use of the iptables string match module. Also, included with the fwsnort sources is a patch for the user space portion of iptables that adds a new option "--hex-string" which accepts an argument such as "|5a 4e|". This allows the content fields in snort rules to be directly input into iptables rulesets from the command line. fwsnort parses the running iptables policy on the machine in order to determine which snort rules are applicable to the specific policy loaded on the machine. NOTE: The Netfilter string match extension has not yet been ported to the 2.6 Linux kernel, and so fwsnort is yet not compatible with the 2.6 kernel. Also, note that string_replace_iptables.patch and string_replace_iptables.patch are included in the fwsnort sources, but they are not actually used by fwsnort. These patches provide the ability to alter application layer data in a manner similar to the "replace" keyword in Snort_inline by adding two new iptables command line options "--replace-string" and "--replace-hex-string". =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- PLATFORMS: fwsnort is compatible with iptables only, hence fwsnort will exclusively run on Linux running a 2.4.x series kernel. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- COPYRIGHT: Copyright (C) 2003 Michael Rash (firstname.lastname@example.org) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. $Id$