cipherdyne.org - fwsnort.git/commit

author	Michael Rash <mbr@cipherdyne.org>
	Fri, 21 Dec 2012 04:42:28 +0000 (23:42 -0500)
committer	Michael Rash <mbr@cipherdyne.org>
	Fri, 21 Dec 2012 04:42:28 +0000 (23:42 -0500)
commit	c4c6fed8bf536914213077298a0e9ce446889632
tree	27e21e46897c3da82d82ff3441d27278b2343de3	tree \| snapshot
parent	0a073fde549f2e937a94dc644294bef509581f32	commit \| diff

HOME_NET(any) -> EXTERNAL_NET(any) => OUTPUT chain

Dwight Davis reported that "when EXTERNAL_NET is set to 'any' the outbound rules
get put into the INPUT chain": http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693000

This commit fixes this behavior, and forces such rules to the OUTPUT chain
whenever the original Snort rule has HOME_NET -> EXTERNAL_NET.

fwsnort		diff \| blob \| history
test/test-fwsnort.pl		diff \| blob \| history

fwsnort: Application Layer IDS/IPS with iptables

RSS Atom