fwsnort
fwsnort translates snort rules into an equivalent iptables ruleset. By making use of the iptables string match module, fwsnort can detect application layer signatures which exist in many snort rules. fwsnort adds a --hex-string option to iptables, which allows snort rules that contain hex characters to be input directly into iptables rulesets without modification. In addition, fwsnort makes use of the IPTables::Parse Perl module in order to (optionally) restrict the snort rule translation to only those rules that specify traffic that could potentially be allowed through an existing iptables policy.
| Tags | Logging Monitoring Networking Firewalls |
|---|---|
| Licenses | GPL |
| Operating Systems | POSIX Linux |
| Implementation | C Perl Unix Shell |
Recent releases
- 02 Sep 2011 22:04
Release Notes: A bugfix for the 'Couldn't load target' error seen on some Linux systems. A bugfix for interpreting pattern ordering in Snort rules with relative pattern matches. Updated to the latest Emerging Threats rule set.
- 29 Jul 2011 06:04
Release Notes: Snort fast_pattern support and iptables multiport match support were added. The --QUEUE and --NFQUEUE modes were enhanced. Support was added for the conntrack module for connection tracking. Case-insensitive pattern matching was added via the --icase argument to the iptables string match extension. A couple of minor bugs were fixed.
- 09 Jan 2010 08:08
Release Notes: Support for ip6tables was added so that fwsnort can apply Snort rules to IPv6 traffic. The ability to create Perl commands that print application layer data that matches Snort rules was added via a new "--include-perl-triggers" argument. Better support for configuration variables within the fwsnort.conf file was added.
- 31 May 2009 08:40
Release Notes: A bug was fixed to allow fwsnort to properly translate snort rules that have "content" fields with embedded escaped semicolons (e.g. "\;"). This allows fwsnort to translate about 58 additional rules from the Emerging Threats rule set. A bug was fixed to allow case insensitive matches to work properly with the --include-re-caseless and --exclude re-caseless arguments. The code was updated to the latest complete rule set from Emerging Threats. The --snort-rfile argument was added so that a specific Snort rules file (or list of files separated by commas) is parsed.
- 22 Aug 2008 14:25
Release Notes: This release replaces the bleeding-all.rules file with the emerging-all.rules file because Matt Jonkman now releases his rule sets at emergingthreats.net. Restructured Perl module paths make it easy to introduce a "nodeps" distribution of fwsnort that does not contain any Perl modules, allowing better integration with systems that already have all necessary modules installed (including the IPTables::ChainMgr and IPTables::Parse modules). This release adds support for multiple Snort rule directories as a comma-separated list for the argument to --snort-rdir.
michaelrash
21 Apr 2003 06:10
Heartbeat
- Popularity Score
- 225.63
- Vitality Score
- 20.81
- Subscriptions
- 70
