fwsnort 1.6.4

An Open Source application that translates snort rules into equivalent iptables rulesets
fwsnort is an open source command-line application written in C and designed to parse the rules files that are included in the Snort intrusion detection software. It also generates equivalent iptables rulesets.

fwsnort supports detection of TCP SYN, NULL, FIN, and XMAS scans, UDP scans, many signature rules for Snort, a forensics mode for the analysis of iptables logfiles, passive OS fingerprinting through TCP SYN packets, two different fingerprinting strategies, email alerts, and content-based alerts.

Additionally, the application supports validation of the ICMP type and code header fields, configurable danger level and scan threshold assignments, iptables ruleset parsing, IP/network danger level auto-assignment, DShield alerts, auto-blocking of scanning IP addresses, and a comprehensive status mode.

last updated on: February 6th, 2014, 8:10 GMT
license type: GPL (GNU General Public License)
developed by: Michael Rash
What's New in This Release:
  • Bug fix for vulnerability CVE-2014-0039 reported by Murray McAllister of the Red Hat Security Team in which an attacker-controlled fwsnort.conf file could be read by fwsnort when not running as root. This was caused by fwsnort reading './fwsnort.conf' when not running as root and when a path to the config file was not explicitly set with -c on the command line. This behavior has been changed to require the user to specify a path to fwsnort.conf with -c when not running as root.
  • Switch fwsnort.sh iptables-restore exec() strategy to leverage 'cat' against fwsnort.save file (fixes CentOS deployments).
  • Updated to bundle the latest Emerging Threats rule set.