An open-source application that translates Snort rules into equivalent iptables rulesets.
fwsnort supports detection of TCP SYN, NULL, FIN and XMAS scans, UDP scans, many Snort signature rules, a forensics mode for analysing iptables logfiles, passive OS fingerprinting from TCP SYN packets with two different fingerprinting strategies, email alerts, and content-based alerts.
Additionally, the application supports validation of the ICMP code and type fields, configurable danger level and scan threshold assignments, iptables ruleset parsing, automatic danger level assignment per IP/network, DShield alerts, auto-blocking of scanning IP addresses, and a comprehensive status mode.
What's New in This Release:
- Bug fix for vulnerability CVE-2014-0039, reported by Murray McAllister of the Red Hat Security Team, in which an attacker-controlled fwsnort.conf file could be read by fwsnort when not running as root. The cause was that fwsnort read './fwsnort.conf' when not running as root and no config file path had been set explicitly with -c on the command line. This behavior has been changed: when not running as root, the user must now specify the path to fwsnort.conf with -c.
- Switch fwsnort.sh iptables-restore exec() strategy to leverage 'cat' against fwsnort.save file (fixes CentOS deployments).
- Updated to bundle the latest Emerging Threats rule set.
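The CVE-2014-0039 entry above describes a config-file lookup that silently fell back to the current directory for unprivileged users. The following is an added illustration in Python, not fwsnort's own (Perl) code: it models the pre-fix and post-fix lookup side by side and adds an ownership/permission check that the changelog does not mention; the system-wide path and the uid values are assumptions.

```python
import os
import stat
import tempfile
from pathlib import Path

# Assumed system-wide config location (a placeholder, not fwsnort's documented path).
SYSTEM_CONF = Path("/etc/fwsnort/fwsnort.conf")


def resolve_config_before_fix(cli_path, euid, cwd):
    """Pre-fix logic as the changelog describes it: with no -c and no root,
    fall back to ./fwsnort.conf, i.e. whatever file sits in the current directory."""
    if cli_path:
        return Path(cli_path)
    if euid == 0:
        return SYSTEM_CONF
    return Path(cwd) / "fwsnort.conf"   # cwd may be writable by other users


def resolve_config_after_fix(cli_path, euid, cwd):
    """Post-fix logic: an unprivileged user must name the file with -c.
    Returns None (caller should exit with a usage error) instead of reading from cwd."""
    if cli_path:
        return Path(cli_path)
    if euid == 0:
        return SYSTEM_CONF
    return None


def config_is_trusted(path, euid):
    """Extra hardening, not from the changelog: accept only a config file owned by
    the invoking user or root that is not writable by group or others."""
    st = os.stat(path)
    if st.st_uid not in (euid, 0):
        return False
    return not (st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def demo():
    """Constructed scenario: a shared directory holds a planted, world-writable
    fwsnort.conf; compare what each resolver does for an assumed uid 1000."""
    with tempfile.TemporaryDirectory() as shared:
        planted = Path(shared) / "fwsnort.conf"
        planted.write_text("# planted by another user\n")
        planted.chmod(0o666)
        before = resolve_config_before_fix(None, 1000, shared)
        after = resolve_config_after_fix(None, 1000, shared)
        return {
            "before_reads_planted": before == planted,
            "after_refuses": after is None,
            "planted_passes_trust_check": config_is_trusted(planted, 1000),
        }


if __name__ == "__main__":
    print(demo())
```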