Features at a glance
Key features include support for detecting TCP SYN, NULL, FIN, XMAS scans and UDP scans, several signature rules for Snort, a forensics mode for the analysis of iptables log files, passive operating system fingerprinting through TCP SYN packets, two different fingerprinting strategies, email alerts, and content-based alerts.
Additionally, the application supports validation of the ICMP type and code header fields, configurable danger level and scan threshold assignments, iptables ruleset parsing, IP/network danger level auto-assignment, DShield alerts, auto-blocking of scanning IP addresses, and a comprehensive status mode.
Among its command-line options, we can mention the ability to restrict the Snort parser to translate only specified rules into iptables rules, support for printing the iptables script to a specified script instead of the default location, support for executing the fwsnort.sh script, and support for reverting to a different iptables version without using any fwsnort rules.
In addition, you will be able to read the iptables policy from a file, add the --log-tcp-sequence option to iptables, generate an equivalent iptables rule for a specific Snort ID, read Snort-specific variables out of the program’s configuration file, translate a single rules file or multiple rules files, check iptables capabilities, and exclude a list of SIDs from translation.
Getting started with fwsnort
After installing fwsnort, either from the pre-built binary packages found in the main software repositories of your Linux distribution or with the native installers provided by the project for RPM-based distros, you can simply run the ‘fwsnort’ command as root (system administrator) in a terminal emulator to use the software.
Reviewed by Marius Nestor, last updated on December 22nd, 2014
- (Paulo Bruck) Submitted a patch to fix a bug in fwsnort usage of the iptables --ulog-prefix option (an invalid quote was being used previous to the fix).
- Updated to bundle the latest Emerging Threats rule set.
Application description
fwsnort is an open source and free command-line software project that has been designed from the ground up to act as a...