GPL (GNU General Public License)    
3.2/5 28
An Open Source application that translates snort rules into equivalent iptables rulesets

editor's review





fwsnort is an open source command-line application written in C and designed to parse the rules files that are included in the Snort intrusion detection software. It also generates equivalent iptables rulesets.

Features at a glance

Key features include support for detecting TCP SYN, NULL, FIN, XMAS scans and UDP scans, several signature rules for Snort, a forensics mode for the analysis of iptables log files, passive operating system fingerprinting through TCP SYN packets, two different fingerprinting strategies, email alerts, and content-based alerts.

Additionally, the application supports validation of code header and icmp type field, configurable danger level and scan thresholds assignments, iptables ruleset parsing, IP/network danger level auto-assignment, DShield alerts, auto-blocking of scanning IP addresses, and a comprehensive status mode.

Command-line options

Among its command-line options, we can mention the ability to restrict the Snort parser to translate only specified rules into iptables rules, support for printing the iptables script to a specified script instream of the default location, support fo executing the fwsnort.sh script, and support for reverting to a different iptables version without using any fwsnort rules.

In addition, you will be able to read iptables policy from a file, to add the --log-tcp-sequence option to iptables, to generate an equivalent iptables rule for a specific Snort ID, to read Snort specific variables out of the program’s configuration file, to translate single or multiple rules file, to check iptables capabilities, as well as to exclude a list of sids from translation.

Getting started with fwsnort

After installing fwsnort using either the pre-built binary packages found in the main software repositories of your Linux distribution or by using the native installers provided by the project for RPM-based distros, you can simply run the ‘fwsnort’ command in a terminal emulator, as root (system administrator) to use the software.

fwsnort was reviewed by Marius Nestor
Last updated on December 22nd, 2014
fwsnort - The help message of the fwsnort command, as viewed from the Linux Terminalfwsnort - The output of the "fwsnort --help" commandfwsnort - fwsnort can only by executed as root (system administrator)

0 User reviews so far.