fwsnort 1.6.5

An Open Source application that translates snort rules into equivalent iptables rulesets
fwsnort is an open source command-line application written in C and designed to parse the rules files that are included in the Snort intrusion detection software. It also generates equivalent iptables rulesets.

Features at a glance

Key features include support for detecting TCP SYN, NULL, FIN, XMAS scans and UDP scans, several signature rules for Snort, a forensics mode for the analysis of iptables log files, passive operating system fingerprinting through TCP SYN packets, two different fingerprinting strategies, email alerts, and content-based alerts.

Additionally, the application supports validation of the code header and ICMP type field, configurable danger level and scan threshold assignments, iptables ruleset parsing, IP/network danger level auto-assignment, DShield alerts, auto-blocking of scanning IP addresses, and a comprehensive status mode.

Command-line options

Among its command-line options, we can mention the ability to restrict the Snort parser to translate only specified rules into iptables rules, support for printing the iptables script to a specified script instead of the default location, support for executing the fwsnort.sh script, and support for reverting to a different iptables version without using any fwsnort rules.

In addition, you will be able to read the iptables policy from a file, add the --log-tcp-sequence option to iptables, generate an equivalent iptables rule for a specific Snort ID, read Snort-specific variables out of the program's configuration file, translate a single rules file or multiple rules files, check iptables capabilities, and exclude a list of SIDs from translation.

Getting started with fwsnort

After installing fwsnort using either the pre-built binary packages found in the main software repositories of your Linux distribution or by using the native installers provided by the project for RPM-based distros, you can simply run the ‘fwsnort’ command in a terminal emulator, as root (system administrator) to use the software.

Reviewed by , last updated on December 22nd, 2014


price: FREE!
homepage: www.cipherdyne.org
license type: GPL (GNU General Public License)
developed by: Michael Rash
category: ROOT \ System \ Logging
softpedia rating: 4.5/5
user rating (28): 3.2/5
 

What's New in This Release:
  • (Paulo Bruck) Submitted a patch to fix a bug in fwsnort usage of the iptables --ulog-prefix option (an invalid quote was being used previous to the fix).
  • Updated to bundle the latest Emerging Threats rule set.