All releases of fwsnort
Release Notes: This release switches the default policy load stance to load all translated Snort rules into the running iptables policy by default. This was made possible after fwsnort made use of the iptables-save format for policy instantiation. Updated to use the NetAddr::IP module from CPAN. A bugfix for translated ICMP rules and ICMP type requirements in recent versions of iptables.
Release Notes: A bugfix for the 'Couldn't load target' error seen on some Linux systems. A bugfix for interpreting pattern ordering in Snort rules with relative pattern matches. Updated to the latest Emerging Threats rule set.
Release Notes: Snort fast_pattern support and iptables multiport match support were added. The --QUEUE and --NFQUEUE modes were enhanced. Support was added for the conntrack module for connection tracking. Case-insensitive pattern matching was added via the --icase argument to the iptables string match extension. A couple of minor bugs were fixed.
Release Notes: Support for ip6tables was added so that fwsnort can apply Snort rules to IPv6 traffic. The ability to create Perl commands that print application layer data that matches Snort rules was added via a new "--include-perl-triggers" argument. Better support for configuration variables within the fwsnort.conf file was added.
Release Notes: A bug was fixed to allow fwsnort to properly translate snort rules that have "content" fields with embedded escaped semicolons (e.g. "\;"). This allows fwsnort to translate about 58 additional rules from the Emerging Threats rule set. A bug was fixed to allow case insensitive matches to work properly with the --include-re-caseless and --exclude re-caseless arguments. The code was updated to the latest complete rule set from Emerging Threats. The --snort-rfile argument was added so that a specific Snort rules file (or list of files separated by commas) is parsed.
Release Notes: This release replaces the bleeding-all.rules file with the emerging-all.rules file because Matt Jonkman now releases his rule sets at emergingthreats.net. Restructured Perl module paths make it easy to introduce a "nodeps" distribution of fwsnort that does not contain any Perl modules, allowing better integration with systems that already have all necessary modules installed (including the IPTables::ChainMgr and IPTables::Parse modules). This release adds support for multiple Snort rule directories as a comma-separated list for the argument to --snort-rdir.
Release Notes: This version was updated to exclude loopback interfaces from iptables allow rules parsing. This behavior can be reversed with the existing --no-exclude-loopback command line argument. IPTables::Parse was updated to take into account iptables policy output that contains "0" instead of "all" to represent any protocol. IPTables::Parse was updated to set sport and dport to "0:0" if the protocol is "all". A bug was fixed to allow negated networks to be specified within iptables allow rules or within the fwsnort.conf file. install.pl was updated to set the LC_ALL environment variable to "C".
Release Notes: A major signature update from Bleeding Threats. This update includes a large number of new signatures with PCRE statements, with an emphasis on detecting SQL injection attacks directed at internal Web servers from external sources. The ability to interpret PCRE statements that include simple string matches separated by ".*" and ".+" as multiple iptables string matches has been added. The asn1 keyword has been added to the unsupported list.
Release Notes: A bugfix to make sure to add in header lengths for depth and offset values, since the string match extension starts comparing bytes from the start of the data link header. A bugfix for the ipt_rule_test() function name. The ability to automatically resolve command paths if any commands cannot be found at the locations specified in the fwsnort.conf file.
Release Notes: This is a major update to add the ability to send packets that match content or uricontent criteria to userspace via the iptables QUEUE or NFQUEUE targets. This can be used to speed up snort_inline IPS. A fwsnort mailing list was added. A bug was fixed to remove any existing jump rules from the built-in INPUT, OUTPUT, and FORWARD chains before creating a new jump rules. This allows the fwsnort.sh script to be executed multiple times without creating a new jump rule in the fwsnort chains for each execution.
