Projects / Firewall Monitor

Firewall Monitor

fwmon is a firewall monitor for Linux. It integrates with ipchains/iptables to give you realtime notification of firewall events. It has fairly customizable output, allowing you to display a packet summary with hex and ASCII data dumps to stdout, a logfile, tcpdump-style capture files, and even syslog. It also boasts some simple security features such as the ability to chroot itself, and operate in a non-root environment.

Operating Systems

RSS Recent releases

  •  14 Feb 2002 14:45

Release Notes: A bug where tcpdump files would get overwritten instead of appended to has been fixed. The tcpdump magic number problem has been fixed. A sniffer mode has been added which utilises Linux mmap() packet socket and is very fast.

  •  12 Feb 2002 16:06

Release Notes: A fix for broken permissions on libpcap file creation which could potentially make them world-readable, and minor performance enhancements.

  •  25 Jan 2002 06:24

Release Notes: This release fixes a major crashing bug when the kernel sends oversized packets, an old race condition in the libpcap code, and a small bug in syslog output. It optimizes the code, and adds some new and nicer error messages. fwmon now also emits an error when no output mode is specified.

  •  29 Dec 2001 15:40

Release Notes: A fix for a bug which caused corrupt libpcap files on logrotate, reworked SQL output (much simpler to use -rewrote initdb.sql to reflect the changes), printing the fwmark field out to logfiles, some minor documentation updates, and tidying up the code that works out ICMP type names.

  •  31 Oct 2001 15:39

Release Notes: A fix for a remote DoS caused by stack based buffer overflow (not exploitable to run shellcode), and removing limitations on size of printable packets.


Project Spotlight


Bible study and concordance software.


Project Spotlight


A userspace library providing a netlink programming interface to the nf_tables subsystem.