fwsnort 1.6.5

An Open Source application that translates snort rules into equivalent iptables rulesets


What's new in fwsnort 1.6.5:

  • (Paulo Bruck) Submitted a patch to fix a bug in fwsnort usage of the iptables --ulog-prefix option (an invalid quote was being used previous to the fix).
  • Updated to bundle the latest Emerging Threats rule set.
GPL (GNU General Public License) 
Michael Rash
fwsnort is an open source command-line application written in C and designed to parse the rules files that are included in the Snort intrusion detection software. It also generates equivalent iptables rulesets.

Features at a glance

Key features include support for detecting TCP SYN, NULL, FIN, XMAS scans and UDP scans, several signature rules for Snort, a forensics mode for the analysis of iptables log files, passive operating system fingerprinting through TCP SYN packets, two different fingerprinting strategies, email alerts, and content-based alerts.

Additionally, the application supports validation of code header and icmp type field, configurable danger level and scan thresholds assignments, iptables ruleset parsing, IP/network danger level auto-assignment, DShield alerts, auto-blocking of scanning IP addresses, and a comprehensive status mode.

Command-line options

Among its command-line options, we can mention the ability to restrict the Snort parser to translate only specified rules into iptables rules, support for printing the iptables script to a specified script instead of the default location, support for executing the fwsnort.sh script, and support for reverting to a different iptables version without using any fwsnort rules.

In addition, you will be able to read the iptables policy from a file, add the --log-tcp-sequence option to iptables, generate an equivalent iptables rule for a specific Snort ID, read Snort-specific variables out of the program’s configuration file, translate a single rules file or multiple rules files, check iptables capabilities, and exclude a list of SIDs from translation.

Getting started with fwsnort

After installing fwsnort using either the pre-built binary packages found in the main software repositories of your Linux distribution or by using the native installers provided by the project for RPM-based distros, you can simply run the ‘fwsnort’ command in a terminal emulator, as root (system administrator) to use the software.

fwsnort was reviewed by , last updated on December 22nd, 2014
