Michael Rash, Security Researcher

Software Release - fwsnort-0.8.2

fwsnort-0.8.2 release The 0.8.2 release of fwsnort is ready for download. This release updates to use the latest version of the IPTables::Parse module from the psad project which returns a rule-by-rule hash reference for each iptables rule in the current policy. This allows a better series of tests to determine whether an iptables policy will pass traffic that corresponds to a particular Snort rule. I.e., if the iptables policy drops all HTTP traffic, then it is not of much use to translate Snort HTTP signatures. There are also a few bugfixes and enhancements compatibility. Here is the ChangeLog:
  • Updated to newer IPTables::Parse module that uses the array of hash references method of returning iptables policy data.
  • Added --Dump-ipt and --Dump-snort rules to allow iptables policy and Snort rules to be dumped to STDOUT.
  • Added bleeding-all.rules file from
  • Added patches/bm_goodshift_fix.patch patch file that fixes an initialization bug in the Boyer-Moore text search implementation in the kernel (linux-2.6.x/lib/ts_bm.c) which caused slightly repetitive patterns to only match at specific offsets with the string match extension.
  • Bugfix to ensure that a depth cannot be less that an offset (these translate to the --to and --from command line arguments to iptables).
  • Bugfix to escape '$' chars in iptables search strings.
  • Added cd_rpmbuilder to make it easy to automatically build RPM files of fwsnort.
  • Added support for the iptables OUTPUT chain.
  • Added the ChangeLog.svn file so that all of the changed files and corresponding svn commit messages can be viewed (this file is built from release to release).