fwsnort 1.6.5

An Open Source application that translates snort rules into equivalent iptables rulesets
GPL (GNU General Public License) 
Michael Rash
Screenshots (three): the help message of the fwsnort command as viewed from the Linux terminal; the output of the "fwsnort --help" command; fwsnort can only be executed as root (system administrator).
fwsnort is an open source command-line application written in C and designed to parse the rules files that are included in the Snort intrusion detection software. It also generates equivalent iptables rulesets.

Features at a glance

Key features include support for detecting TCP SYN, NULL, FIN, XMAS scans and UDP scans, several signature rules for Snort, a forensics mode for the analysis of iptables log files, passive operating system fingerprinting through TCP SYN packets, two different fingerprinting strategies, email alerts, and content-based alerts.

Additionally, the application supports validation of the ICMP type and code fields, configurable danger level and scan threshold assignments, iptables ruleset parsing, automatic danger level assignment for IPs and networks, DShield alerts, auto-blocking of scanning IP addresses, and a comprehensive status mode.

Command-line options

Among its command-line options, we can mention the ability to restrict the Snort parser to translate only specified rules into iptables rules, support for printing the iptables script to a specified path instead of the default location, support for executing the fwsnort.sh script, and support for reverting the iptables policy to one that contains no fwsnort rules.

In addition, you will be able to read the iptables policy from a file, add the --log-tcp-sequence option to iptables, generate an equivalent iptables rule for a specific Snort ID, read Snort-specific variables from the program's configuration file, translate one or more rules files, check iptables capabilities, and exclude a list of sids from translation.
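To make the translation the description talks about concrete, here is a small added Python sketch written for this page; it is not fwsnort's own code. It parses a few constructed Snort rules (not from any real rule set), resolves the $HOME_NET/$EXTERNAL_NET variables from a dictionary standing in for the configuration file, and emits one iptables command per rule using the string match module, with optional per-sid selection and exclusion. The chain name FWSNORT_INPUT, the conntrack match for flow:established, and the LOG prefix format are assumptions made for the illustration; only one content match per rule is handled.

```python
import re

# Constructed sample rules in Snort 2 syntax (made up for this example).
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-MISC example path traversal"; flow:to_server,established; content:"../../"; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP example command"; content:"SITE EXEC"; nocase; sid:1000002; rev:2;)
alert udp any any -> $HOME_NET 53 (msg:"DNS example"; content:"|00 01 00 00|"; sid:1000003; rev:1;)
"""

# Assumed variable values; fwsnort reads these from its configuration file.
VARIABLES = {"HOME_NET": "192.168.1.0/24", "EXTERNAL_NET": "any"}

# Assumed chain name for the illustration.
CHAIN = "FWSNORT_INPUT"

RULE_RE = re.compile(
    r'^(alert|log|pass)\s+(tcp|udp|icmp|ip)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$'
)


def split_options(opt_str):
    """Split the rule body on ';' while respecting double-quoted values."""
    out, cur, in_quotes = [], [], False
    for ch in opt_str:
        if ch == '"':
            in_quotes = not in_quotes
            cur.append(ch)
        elif ch == ';' and not in_quotes:
            out.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    tail = "".join(cur).strip()
    if tail:
        out.append(tail)
    return [o for o in out if o]


def parse_options(opt_str):
    """Return {keyword: value}; flag keywords such as nocase map to ''.
    Only the first content keyword is kept (multi-content rules are simplified)."""
    opts = {}
    for item in split_options(opt_str):
        key, _, value = item.partition(":")
        opts.setdefault(key.strip(), value.strip())
    return opts


def resolve(token, variables):
    """Replace a $VARIABLE token with its configured value."""
    return variables.get(token[1:], token) if token.startswith("$") else token


def translate_rule(line, variables):
    """Translate one Snort rule into an iptables command.
    Returns (sid, command) or None when the rule has no usable content/sid."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    _action, proto, src, sport, dst, dport, opt_str = m.groups()
    opts = parse_options(opt_str)
    if "content" not in opts or "sid" not in opts:
        return None
    content = opts["content"].strip('"')
    if content.startswith("!"):  # negated content matches are not handled here
        return None
    parts = ["iptables", "-A", CHAIN, "-p", proto]
    src, dst = resolve(src, variables), resolve(dst, variables)
    if src != "any":
        parts += ["-s", src]
    if dst != "any":
        parts += ["-d", dst]
    if proto in ("tcp", "udp"):
        if sport != "any":
            parts += ["--sport", sport]
        if dport != "any":
            parts += ["--dport", dport]
    if "established" in opts.get("flow", ""):
        parts += ["-m", "conntrack", "--ctstate", "ESTABLISHED"]
    # Snort's |..| hex notation is also accepted by iptables --hex-string.
    flag = "--hex-string" if content.startswith("|") and content.endswith("|") else "--string"
    parts += ["-m", "string", flag, f'"{content}"', "--algo", "bm"]
    if "nocase" in opts:
        parts += ["--icase"]
    sid = int(opts["sid"])
    parts += ["-j", "LOG", "--log-prefix", f'"SID{sid} "']
    return sid, " ".join(parts)


def translate_rules(text, variables, only_sids=None, exclude_sids=()):
    """Translate a rules file, optionally restricting to or excluding sids."""
    commands = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        result = translate_rule(line, variables)
        if result is None:
            continue
        sid, cmd = result
        if only_sids is not None and sid not in only_sids:
            continue
        if sid in exclude_sids:
            continue
        commands.append(cmd)
    return commands


if __name__ == "__main__":
    for cmd in translate_rules(SAMPLE_RULES, VARIABLES):
        print(cmd)
```

Running the block prints three iptables commands; passing only_sids or exclude_sids mirrors the per-sid translation and exclusion options described above.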

Getting started with fwsnort

After installing fwsnort, either from the pre-built packages in your Linux distribution's main software repositories or from the native installers the project provides for RPM-based distros, simply run the 'fwsnort' command in a terminal emulator as root (system administrator) to use the software.

This review of fwsnort was last updated on December 22nd, 2014.


What's new in fwsnort 1.6.5:

  • (Paulo Bruck) Submitted a patch to fix a bug in fwsnort's usage of the iptables --ulog-prefix option (an invalid quote was being used prior to the fix).
  • Updated to bundle the latest Emerging Threats rule set.