+++ /dev/null
-Michael Rash (508):
- New repository initialized by cvs2svn.
- Initial revision
- added the installer
- began code to parse snort rules, added parse_rule_hdr()
- began parsing rule options
- made several hashes to contain snort vs. iptable filter and log
- options
- added %sopt_log
- added some better comments
- better logging format
- better reporting format
- added the fwsnort.conf config file
- removed INTERNAL_NET and EXTERNAL_NET
- added install for Net::IPv4Addr
- Added readconf(), moved commands into fwsnort.conf
- changed to INTERNAL_INTF
- added validateconf() and get_intf_net()
- reinstated interface command line args
- started interpreting the signature source and destination
- added LICENSE
- added VERSION
- better interface validation (including NUM_INTERFACES)
- added NUM_INTERFACES and HTTP vars
- added dump_conf()
- - Added several variables that exist in snort signatures such as
- SMTP_SERVERS, SHELLCODE_PORTS, etc. - The ____SERVERS
- variables default to the internal interface on the firewall
- (similar to the snort defaults of "$HOME_NET").
- minor semicolon fix
- removed variable expansion
- -Added a "Snort Rule Options" section to the comment area at the
- beginning of the script. -Began completely reworking
- add_ipt_rule(). -Removed variable expansion in lines of
- fwsnort.conf. -Added build_port_arr().
- replaced the four snort options hash with a single hash
- added regex and ipt_opt keys to the snort_opt hash
- added iptables_opts hash to map snort opts to iptables opts
- added install routine for Tie::IxHash
- removed commas in log-prefix output
- added comments to iptables rule output, removed Tie::IxHash call
- -Handle "A+" vs "A" tcp flags. -Fixed regex greediness for snort
- rule fields. -Removed "log_only" section of %snort_opts (these
- fields have been put into the "unsupported" section).
- fixed regex match for ipopts
- added add_ipt_chains() and jump_chain()
- started making use of logr()
- added archive()
- -Reworked /etc/fwsnort directory structure (simplified it).
- -Added ipt_ruleset_hdr(). -Added ip key to %intf_net.
- removed Tie::IxHash
- updated to include version in snort rules directory
- standardized on ipt_blah() function names
- logfile formatting changes
- added code for snort_sid command line option
- added version print
- -Added "sameip" to supported options. -Reinstated the
- %fwsnort_chains hash and added build_fwsnort_chains(). -Split
- up ipt_build_rule() into ipt_build(), ipt_build_rule(), and
- ipt_build_opts(). -Removed dependency on NUM_INTERFACES.
- interim commit for source and destination handling
- cleaned up calls to ipt_build_rule()
- finished handling of INPUT chains
- removed NUM_INTERFACES
- updated ipt_jump_chains()
- first stab at handling FORWARD chain rules
- fixed EXTERNAL_NET reference
- fixed ipopts
- interim commit that adds ipt_allow_traffic()
- added verbose mode, wrapped FORWARD chain code with interface
- conditionals
- fixed directional issue in FORWARD chain
- interim commit that adds ipt_allow_traffic()
- separated defined test on DMZ_INTF
- added install routine for IPTables::Parse
- counts for applicable iptables rules works
- fixed echo statements, better verbose mode
- updated usage(), added --no-ipt-log option
- updated logfile path
- added usage() text, added license
- added ipt_test()
- Added the fwsnort.8 man page
- updated all --fw options to --ipt options
- added INSTALL file
- added install_manpage()
- better Copying statement for snort rules files
- added hex-string patch file
- added preliminary README
- added hex-string patch file
- added help for --hex-string
- Added --hex-string patch discussion section
- more docs updates
- added echo command
- added DESCRIPTION section
- added check for NULL chars in hex content, added sids to logfile
- more docs updates
- added config section for iptables script
- added --hex-string discussion
- fixed null chars in --hex-strings within iptables directly
- updated to NULL string handling in parse_hex_string
- minor fixes
- updated to /etc/fwsnort/snort_rules
- handled back tics in content field
- updated to /etc/fwsnort/snort_rules
- bugfix for not handling identical external and internal interfaces
- minor comment fix in ipt_test()
- added defined check for INTERNAL_INTF
- bug fix for INTERNAL_INTF == EXTERNAL_INTF
- bug fix for internal == external interfaces
- updated to snort 2.0 rules
- updated to snort 2.0 rules, added flow, byte_test, byte_jump, etc
- keywords
- added overall totals
- allowed leading whitespace in snort rules
- bugfix for being too strict on rule filenames
- Initial revision
- updated to cipherdyne.org, removed version numbers from directories
- in perl modules
- minor install text change
- bugfix for number of args to logr()
- re-ordered options hashes
- comment testing
- added the CREDITS file
- added write_ipt_script() for iptables script statements
- added in psad in SEE ALSO section psad.8
- removed newlines from logr() and write_ipt_script() calls
- added ChangeLog
- added --no-ipt-jumps (Thomas Bullinger)
- added snort_opts.pl
- added VERSION file
- -Added installation prefix of /usr/lib/fwsnort for perl modules.
- -Added the ability to download latest snort rules from
- http://www.snort.org -Added check_commands().
- -Added --update-rules option to download latest rules from snort.org.
- -Properly handle icmp protocol now ("Undefined code" sigs are
- ignored, and icmp protocol rules are now no longer
- automatically included within fwsnort.sh). -Added REJECT
- tcp-reset support for tcp sessions that are to be blocked.
- added text on hex string patch being accepted by iptables maintainers
- more stuff for Thomas Bullinger
- more stuff for 0.2
- added 0.2 options
- added tar and wget commands
- added preserve_config() from psad
- updated to 0.2
- updated to snort-2.1 rules
- removed Data::Dumper
- added test for iptables ttl extension
- incremented to version 0.5
- added tar command path
- bugfix for dmz interface
- bugfix for existing downloaded_snort_rule directory
- -Made only a single call to write_ipt_script() to reduce disk
- accesses. -Bugfix for protocols that contain non-word chars
- (such as ">"). -Added regex for ip addresses. -Removed
- "<-" direction parsing for rule header since snort does not
- even support this.
- bugfix for negated src/dst ports
- bugfix for negated dst port
- -Added check for multiple ip_proto fields. -Removed "ip" as a
- protocol that can be translated. -Truncate logfile at startup
- (it is really just a parsing log).
- added 0.6 stuff
- incremented version to 0.6
- minor help updates for ipt_script
- added Paul O., more stuff for Thomas B.
- bugfix for not getting the DMZ interface network
- bugfix for not adding dmz interface rules to INPUT chain
- updated to version 0.6.1
- updated to 0.6.1 stuff
- added --internal-net and --dmz-net
- version 0.6.2
- added icmp-port-unreachable for udp rejects, added --internal-net and
- --dmz-net options
- more verbose explanations
- added Ahmad Almulhem
- added 0.6.2 stuff
- minor bugfix for usage()
- split --ipt-block into --ipt-drop and --ipt-reject, added
- --add-deleted option
- added ignore functionality for both IPs and networks
- added IGNOREIP and IGNORENET
- replace --ipt-block with --ipt-reject and --ipt-drop
- added 0.6.3 stuff
- generic language support for ifconfig output
- Added TODO
- updated to new rules download link on www.snort.org
- added flowbits
- updated to standard logging prefixes [+], [-], and [*]
- updated to Snort-2.3 rules
- updated docs
- added --replace-string patches
- .
- incremented version to 0.6.4
- .
- - Updated to not attempt to download Snort rules from snort.org
- because the rules are no longer available for automatic downloads
- - Changed the install.pl script and the --update-rules mode for
- fwsnort to download the latest signature set from
- http://www.bleedingsnort.com/. (Snort.org is now offering
- pay-service around their rule sets). - Added signature test
- for the "flowbits" keyword.
- bleedingsnort vs. snort.org update
- added support for the pass and log actions in Snort rules, added
- general support for the ULOG target
- 0.6.6
- - Added support for the "resp" keyword to allow it to drive the
- Netfilter argument to the REJECT target. - Added "pcre" to the
- unsupported list... this knocks the fwsnort translation rate
- down to about 50% for Snort-2.3 rules (pcre is heavily
- utilized). - Added "priority" and "rev" to comment lines.
- version 0.7.0
- update Copyright date
- -IP options bugfix to match the ipopts Snort option (several
- arguments are not supported by the ipv4options extension).
- -Added IP protocol support in the translation of the Snort rule
- header.
- started separating Snort rule header options and iptables mapping
- hash
- moved iptables options into snort_opts hash
- complete chain restructuring (see ChangeLog)
- minor path update
- removed interface variables for the fwsnort chain restructuring,
- fwsnort now supports Snort header variable resolution
- added --no-ipt-conntrack command line option, added check for
- Netfilter conntrack match
- added the ability to restrict Netfilter rules to a specified
- intefaces, added ability to remove INPUT, OUTPUT, or FORWARD
- processing
- added exclusion for loopback traffic logged via the loopback
- interface
- updated to handle icmp type/code rules, added rule counter in
- fwsnort.sh script
- more 0.8.0 stuff
- bugfix for not excluding rules that contain ip_proto with a < or >
- char
- Added --snort-conf to read variables out of an existing snort.conf
- file, fixed up usage()
- added command line args output to fwsnort.sh
- made use of Netfiler length match to emulate dsize Snort option,
- added negation tests for source and destination IP addresses
- added average packet header length vars for Netfilter length match
- emulation of dsize option
- bugfix for negated networks
- bugfix for icmp-type order, bugfix for src/dst ports in non-tcp/udp
- protocol match
- length bugfix, non-tcp/udp protocol and port number bugfix
- 0.8.0 stuff
- added list processing support for --include-types and --exclude-types
- added support for the Snort_inline replace option
- added test for --replace-string support
- .
- finished is_local() function, added --no-addresses option, started on
- --ipt-flush
- bugfix for missing space in src/dst iptables args
- bugfix for rules added counter, bugfix for inappropriate protocol
- mapping based on src/dst ports
- updated preservation code to remove interfaces from old configs
- Initial revision
- added linux-2.4.4_conntrack.patch
- .
- added conntrack patches
- added added chain keywords
- -Added --ipt-list to list rules in fwsnort chains. -Finished
- --ipt-flush code. -Updated to use chain names from keywords
- defined in fwsnort.conf. -Update usage().
- added --no-exclude-lo, the default is now to exclude the loopback
- interface from fwsnort processing
- updated comment wording
- moved to patches/ directory
- added string_replace_kernel.patch
- bugfix for Rules added counter, added support for multiple sids in
- --snort-sids, added --exclude-sids option
- --snort-sids list support
- updated stdout output in --snort-sids mode
- bugfix for excluding the loopback interface
- updated to allow list of interfaces to restrict jump rules to
- .
- added patch to extend packet search length from 1024 to 2048 bytes
- (longer than Ethernet MTU
- l7 usage
- updated man page
- updated to add action to logging prefix if --ipt-drop or --ipt-reject
- is used
- DRP and REJ strings
- updated --ipt-apply argument to just execute fwsnort.sh
- minor bugfix to remove extra content-list hash entry
- minor sids->sid update
- moved --ipt-list and --ipt-flush handlers before archive()
- updated to 8 byte ICMP header
- added snortspoof.pl
- .
- updated version to 0.8.0
- updated to handle the string match extension in the 2.6.14 kernel
- 0.8.1 stuff
- added uname command
- .
- 0.8.1
- added hostname to fwsnort.sh doc section
- Initial revision
- rpm package
- .
- format fixes
- .
- updated to Snort-2.3.3 rules
- added IPTables::Parse module
- deprecated old IPTables module for IPTables::Parse module
- -Updated to use perl module installation strategy from fwknop to only
- install modules that don't already exist within the system
- perl module tree. -Added --Force-mod-regex and
- --force-mod-install command line arguments.
- added patch to fix a bug where repetitive strings could not be
- matched within payload data except at specific offests
- updates for 0.8.2 release
- started on 0.8.2 stuff
- added code to detect whether a previously seen state rule applies to
- the current rule in the policy
- -Added --dumper mode to use Data::Dumper to print Snort rule hashes
- and corresponding matching Netfilter rules. This is useful to
- help diagnose IPTables::Parse to see how fwsnort is doing
- w.r.t. matching Snort rules to Netfilter rules. -Added
- 'ack' Snort rule option to the unsupported options in fwsnort.
- The --log-tcp-sequence iptables argument does log
- acknowledgment numbers however (psad can make use of them).
- -Re-worked how fwsnort parses Netfilter policies to use the new
- IPTables::Parse module (which returns an array of hash refs for
- each set of rules in a Netfilter chain). -Added code see
- if state rules apply to current Netfilter rule. -Added support
- for OUTPUT chain.
- bumped version to 0.8.2
- minor bugfix for Dumper() function call in print() statement
- updated to same format as the psad CREDITS file
- updated to use Net::RawIP
- switched to require Net::RawIP so a normal user can check proper
- compilation, removed unnecessary msg var
- updated snort sig comment
- added GPL and standard header text
- added Id tag expansion
- Added cd_rpmbuilder script to make it easy to automatically build
- fwsnort RPM files
- minor opendir shift fix
- backdoor update for Matrix 2.0 sig
- minor opendir shift fix
- linux-2.6 and string matching note
- Added README.RPM file for automated cd_rpmbuilder
- updated TCP header length
- - Added ipt-file argument to allow an iptables policy to be read from
- a file. - Added --Dump-ipt and --Dump-snort to allow iptables
- and snort rules to be dumped to STDOUT. - Additional
- code cleanups to better handle chain names. - Added file
- revision
- updated to latest version from psad project
- minor doc updates
- bugfix to not print duplicate rules in --Dump-ipt and --Dump-snort
- modes
- added bleeding-all.rules
- more 0.8.2 stuff
- more 0.8.2 stuff
- 0.8.2 release
- 0.8.2 release date
- minor fixes for the buildroot and cwd path
- updated to 0.8.2 changes
- Added Revision tag expansion
- updated to force install of IPTables::Parse
- added comment match support for msg fields, added --ipt-rule-nums to
- include rule numbers within fwsnort logging prefixes
- updated to include iptables rule numbers by default (can be disabled
- with --no-ipt-rule-nums)
- updated to latest Bleeding Snort rules
- documentation updates for comment and rule num options
- minor comment update
- added --include-regex and --exclude-regex command line args
- save command line args
- updated to print the entire Snort rule as a comment in the fwsnort.sh
- script without having to use --verbose
- 0.9.0 additions
- added generation timestamp to fwsnort.sh
- 0.9.0 additions
- implemented true whitelist/blacklist functionality that is driven by
- the fwsnort.conf WHITELIST/BLACKLIST variables
- implemented true whitelist/blacklist functionality that is driven by
- the fwsnort.conf WHITELIST/BLACKLIST variables
- updated to latest Bleeding Snort rules
- added -F and -L command line options to emulate the iptables command
- line a bit
- 0.9.0 additions
- minor comment fix
- Bugfix to ensure that traffic directed into the INPUT or coming from
- the OUTPUT chains is treated as going toward or originating
- from the HOME_NET. After all the HOME_NET variable may
- contain an internal network but omit the IP assigned to an
- external interface on the firewall.
- Added "--log-ip-options" and "--log-tcp-options" to fwsnort LOG rules
- by default (in the generated fwsnort.sh script). This can be
- disabled with --no-log-ip-opts and --no-log-tcp-opts arguments
- on the fwsnort command line.
- init scripts
- copyright date update to 2007
- bumped version
- moved the cd_rpmbuilder script into the packaging directory
- added FWSNORT_<chain>_JUMP variables to allow the admin to control
- where in the built-in INPUT, OUTPUT, and FORWARD chains the jump
- rules are added for the FWSNORT chains
- flowbits regex fix
- added string match offset bugfix
- updated to handle multiple content strings and fixed the minimum
- depth criteria
- Updated to handle negative string matches
- bugfix for content matches that contain an escaped semicolon
- update content strings like |00||00| to just |00 00|
- minor update to put rule number echo statement after original snort
- rule
- Added emulation for distance and within from previous content match
- (based on --from and --to and the length of the previous pattern)
- 0.9.0 additions
- added fwsnort version to comment string
- fwsnort version in comment match
- minor update Iptables -> iptables
- bugfix to make sure the 'within' criteria is large enough
- bugfix to ensure the LOG target is built correctly if a comment block
- is too large
- version 0.9.0
- Added the SSH_PORTS variable
- update to latest bleeding snort signatures
- minor wording update
- added the DNS cache poisoning signature
- added support for reporting multiple unsupported options in the
- /var/log/fwsnort.log file
- doc updates
- 0.9.0 release
- doc update, Netfilter -> iptables
- 0.9.0 release date
- - Bug fix to remove any existing jump rules from the built-in INPUT,
- OUTPUT, and FORWARD chains before creating a new jump rules.
- This allows the fwsnort.sh script to be executed multiple
- times without creating a new jump rule into the fwsnort
- chains for each execution. - Added the -X command line
- argument to allow fwsnort to delete all of the fwsnort
- chains; this emulates the iptables command line argument of
- the same name.
- added copyright line
- major update to add the --QUEUE option to speed-up inline Snort
- implementations with in-kernel string matching
- version update to 1.0
- added URL to standard header
- updated to preserve userspace signatures in --QUEUE mode, updated
- snort_rules_mod/ dir to snort_rules_queue
- Added NFQUEUE target support
- Added support for NFQUEUE number with --queue-num
- updated to include full command line args for the snort_rules_queue/
- files in the preamble section
- Added sid field to iptables comment match
- added 'Finished' echo statement to the fwsnort.sh script
- comment match update
- updated to 1.0 release
- - Bugfix for iptables string match --from and --to values to skip
- past packet headers. This is an approximation until a new
- --payload option can be added to the string match extension.
- Also added an iptables test for the --payload option. -
- Added a single iptables rule testing API internally within
- fwsnort; this adds a measure of consistency and removes some
- duplicate code.
- man page updates to include --NFQUEUE and --QUEUE language
- added --queue-rules-dir option
- added --queue-num command line argument
- 1.0 release date
- added Hank L.
- latest update from cipherdyne.org; bugfix for rpmbuild vs. wget path,
- updated to remove md5 sum files
- minor consolidation of push() calls
- Added the ability to automatically resolve command paths if any
- commands cannot be found at the locations specified in the
- fwsnort.conf file.
- TODO additions
- bugfix for ipt_rule_test() function name.
- bumped version to 1.0.1
- removed ChangeLog.svn file
- bugfix to ensure that header lengths are accounted for with payload
- offsets
- increased average TCP header length to 30 bytes to account for 10
- bytes of options on ACK packets
- version 1.0.2
- Added 1.0.2 release
- Added --include-regex and --exclude-regex options
- added --include-re-caseless and --exclude-re-caseless options to have
- --include-regex and --exclude-regex options match case
- insensitively
- started on 1.0.3 additions
- - Added the ability to interpret basic PCRE's that contain strings
- separated by ".*" or ".+" as multiple string matches. The
- only difference between this strategy and the Snort
- implementation is that the ordering of the strings is not
- preserved, but most signature developers don't rely on this
- anyway. - Added asn1 keyword to unsupported list.
- major signature update from Bleeding Threats to include signatures
- for some of the latest malware and exploits
- fwsnort-1.0.3 additions
- minor comment updates
- fwsnort-1.0.3 release
- updated to latest (last?) Bleeding Threats signature set
- added LC_ALL='C' locale setting, added --Exclude-mod-regex
- version 0.5, applied zero protocol fix from Grant, updated to handle
- ULOG rules
- (Grant) updated to set sport and dport to 0:0 if protocol == all
- Added Grant
- (Grant) Suggested bugfix to allow negated networks to be specified
- within iptables allow rules or within the fwsnort.conf file.
- version 1.0.4-pre1
- updated with Grant's last name
- version 1.0.4
- minor usage update
- minor usage update
- minor contributor update
- Franck Joncourt - Submitted patch to fix double dash format
- in fwsnort man page.
- added deps/ directory
- minor update to include contributors
- added code to handle new deps/ directory
- moved IPTables-Parse and Net-IPv4Addr to the deps/ directory
- added fwsnort-nodeps.spec file, updated fwsnort.spec to handle deps/
- directory
- minor bugfix to include missed skip_module_install var
- update for Franck
- added dependencies discussion
- Updated to import perl modules from /usr/lib/fwsnort, but only if
- this path actually exists in the filesystem. This is similar
- to the strategy implemented by psad. A new variable
- FWSNORT_LIBS_DIR was added to the fwsnort.conf to support
- this.
- bumped version to 1.0.5-pre1
- chdir path bugfix
- removed bleeding-all.rules and added emerging-all.rules since Matt
- Jonkman has switched to Emerging Threats
- moved snort_rules directory into deps/, switched to Emerging Threats
- signature set
- added --snort-rdir patch from Franck
- added -nodeps patch from Franck
- updated to handle snort_rules/ directory move to deps/
- version to 1.0.5-pre2
- removed moddir, minor fwsnort URL fix
- minor fwsnort URL fix
- minor update to make sure to always return to the source directory
- when installing perl modules
- applied patch from Franck Joncourt to fix fwsnort man page to replace
- bleeding-all with emerging-all
- removed old 'use lib' call since fwsnort uses the 'require' strategy
- now
- Added support for multiple Snort rule directories as a
- comma-separated list for the argument to --snort-rdir.
- bugfix to exclude all directories except for the first in --update
- mode if multiple directories are given as a comma-separated list
- added bump_version.pl file
- bumped version to 1.0.5-pre3
- bugfix for IPTables::ChainMgr -> IPTables::Parse
- updated 1.0.5 release date, removed perl module path updating code
- moved 'threshold' to the unsupported list since there will be several
- signatures that use this feature to detect the Dan Kaminsky DNS
- attack
- bumped version to 1.0.5-pre4
- minor dodumentation fixes
- added download of Emerging Threats as a tarball (suggested by Franck
- Joncourt)
- Added support for nodeps RPM's
- updated release date
- version 1.0.5
- updated to correct tar.gz path in --no-deps mode
- minor update to include download directory in status output in
- --update mode
- bugfix in strict mode to use the fact that the threshold keyword is
- already unsupported (Franck Joncourt)
- content match fix for Emerging Threats Snort rule ID 2007975 (Frank
- Joncourt)
- wording updates for the fwsnort(8) man page from Justin B Rye and
- Franck Joncourt
- From: Franck Joncourt <franck.mail@dthconnex.com> Subject:
- [PATCH] fixes/content_length
- bumped version to 1.0.6-pre1
- - (Franck Joncourt) Updated fwsnort to use the "! <option> <arg>"
- syntax instead of the older "<option> ! <arg>" for the
- iptables command line.
- - Updated to the latest complete rule set from Emerging Threats (see
- http://www.emergingthreats.net/).
- updated to version 1.0.6-pre2
- updated to the latest rule set from Emerging Threats
- Bug fix to allow fwsnort to properly translate snort rules that have
- "content" fields with embedded escaped semicolons (e.g. "\;").
- This allows fwsnort to translate about 85 additional rules
- from the Emerging Threats rule set.
- updated version to 1.0.6-pre3
- - Bug fix to allow case insensitive matches to work properly with the
- --include-re-caseless and --exclude-re-caseless arguments.
- - Added the --snort-rfile argument so that a specific Snort
- rules file (or list of files separated by commas) is parsed.
- minor cleanup (href->hr, aref->ar)
- - Bug fix to move the 'rawbytes' keyword to the list of keywords that
- are ignored since iptables does a raw match anyway as it
- doesn't run any preprocessors in the Snort sense. - Added
- a small hack to choose the first port from a port list until the
- iptables 'multiport' match is supported. - Updated to
- consolidate spaces in hex matches in the fwsnort.sh script
- since the spaces are not part of patterns to be searched anyway.
- bumped version to fwsnort-1.0.6-pre4
- Added the 'BuildRequires: perl-ExtUtils-MakeMaker' statement
- version 1.0.6
- version 1.0.6
- merged: svn merge -r 500:504
- file:///home/mbr/svn/fwsnort_repos/fwsnort/branches/fwsnort-1.0.6
- updated to the latest Emerging Threats rule set
- updated to the latest Emerging Threats rule set
- - Added the --include-perl-triggers command line argument so that
- translated Snort rules can easily be tested. This argument
- instructs fwsnort to include 'perl -e print ... ' commands as
- comments in the /etc/fwsnort/fwsnort.sh script, and these
- commands can be combined with netcat to send payloads across
- the wire that match Snort rules. - Minor documentation fixes.
- - Added the ability to build an fwsnort policy that utilizes
- ip6tables instead of iptables. This allows fwsnort filtering
- and altering capabilities to apply to IPv6 traffic instead of
- just IPv4 traffic. To enable ip6tables usage, use the "-6" or
- "--ip6tables" command line arguments.
- updated version to 1.1
- - Updated fwsnort to create logs in the /var/log/fwsnort/ directory
- instead of directly in the /var/log/ directory. The path is
- controlled by a new variable 'LOG_FILE' in the
- /etc/fwsnort/fwsnort.conf file. - Added several variables in
- /etc/fwsnort/fwsnort.conf to control paths to everything
- from the config file to the snort rules path. Coupled with
- this is the ability to create variables within path components and
- fwsnort will expand them (e.g. 'CONF_DIR /etc/fwsnort;
- CONF_FILE $CONF_DIR/fwsnort.conf'). - Added --Last-cmd arg so
- that it is easy to rebuild the fwsnort.sh script with the
- same command line args as the previous execution.
- bumped version to 1.1-pre2
- added Guillermo Gomez
- bumped version to 1.1-pre3
- added a -6 example to the EXAMPLES section
- bumped version to 1.1
- minor update Snort -> SNORT
- minor version fix (1.1)
- updated GPL license string to mention GPLv2
- Major update to being moving to using the iptables-save format
- instead of the older strategy to always just execute iptables
- commands directly.
- - Updated the iptables capabilities testing routines to add and
- delete testing rules to/from the custom chain 'FWS_CAP_TEST'.
- This maintains a a cleaner separation between fwsnort and any
- existing iptables policy even during the capabilities testing
- phase. - Added the --ipt-check-capabilities argument to have
- fwsnort test the capabilities of the local iptables firewall
- and exit.
- - Updated to automatically check for the maximum length string that
- the string match supports, and this is used to through out any
- Snort rules with content matches longer than this length.
- moved to instantiate the fwsnort iptables-save policy via
- /etc/fwsnort/fwsnort.sh
- minor comments update
- bumped version to 1.5-pre1
- - Added the --rules-url argument so that the URL for updating the
- Emerging Threats rule set can be specified from the command line.
- The default is:
- bumped version to: 1.5-pre2
- updated to point to the correct Emerging Threats rule set, and added
- the --rules-url arg (similiar to fwsnort)
- bug fix to make sure to add the 'COMMIT' and '# Completed ...' lines
- at the end of the generated fwsnort.save file
- updated to default to pulling Snort rules from the rules directory in
- --snort-rfile mode when running as root
- - Updated to the latest complete rule set from Emerging Threats (see
- http://www.emergingthreats.net/).
- bumped version to 1.5-pre3
- - Added the --string-match-alg argument to allow the string matching
- algorithm used by fwsnort to be specified from the command
- line. The default algorithm is 'bm' for 'Boyer-Moore', but
- 'kmp' may also be specified (short for the
- 'Knuth–Morris–Pratt' algorithm).
- bumped to version 1.5-pre4
- minor update to include the GPL version number (v2) suggested by
- Guillermo Gomez
- added the ability to build ip6tables policies in ip6tables-save
- format
- minor wording update to include ip6tables policies
- update to include information about the iptables-save format
- added UPGRADE section
- copyright date update
- bumped version to: 1.5-pre5
- minor date update
- bumped software version to 1.5
- wording fix for the fwsnort-1.5 ChangeLog
- Removed legacy $Id$ tags (for old svn repos)
- Removed old reference to $rev_num
- Bugfix for --log-prefix maximum lengths
- Bugfix for --ipt-list and --ipt-flush
- Added test for conntrack --ctstate
- Added the --Conntrack-state argument
- Bugfix for --ipt-apply to exec fwsnort.sh
- minor ChangeLog update
- Added newer Snort keywords to snort_opts.pl
- Added three Snort signature keywords
- minor man page wording update
- Added support for Snort keyword 'fast_pattern'
- Added 'fast_pattern' support + no patterns bug fix
- Merge branch 'master' of github.com:mrash/fwsnort
- Added content match ordering based on length
- minor comment wording update for TCP options
- Added 'detection_filter' to not supported list
- Fixed fast_pattern support for relative matches
- minor man page wording update
- Moved GetOpt() call to handle_cmd_line()
- Added the --no-fast-pattern-ordering argument
- Implemented tighter 'within' criteria
- Added --no-fast-pattern-order to --help output
- Added iptables 'multiport' match support
- Updated to the latest Emerging Threats Snort rules
- Added support for the Snort 'nocase' keyword
- Minor change to not write args in --help mode.
- Updated to allow non-root users to execute fwsnort.
- Ignore http_uri, http_method, and urilen
- Bugfix to support --NFQUEUE mode
- Added iptables capabilities test for NFQUEUE modes
- Minor man page wording update for NFQUEUE mode
- Added --queue-pre-match-max <num> argument
- Added support for rules updates from several URL's
- Renamed ChangeLog -> ChangeLog.old
- Bumped version from 1.5 to 1.6
- Added the ChangeLog file for 'git log' output.
- Added iptables capabilities test for COMMENT len
-
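Review bot: as posted, this hunk has no `diff --git`/`---` header and no `@@` range line (only `+++ /dev/null` survives at the top), so the deletion cannot be applied or attributed to a path as shown; repost with the full header so it is clear which file is being removed. The deleted content is a generated commit-summary list ('Michael Rash (508):') whose own last entries read 'Renamed ChangeLog -> ChangeLog.old' and 'Added the ChangeLog file for 'git log' output.', which suggests this is the derived ChangeLog being dropped rather than hand-written history; the commit message should say so, and the packaging files these entries mention (fwsnort.spec, fwsnort-nodeps.spec) should be checked so they no longer list the file as a shipped doc, since an RPM build that still references it would fail on the missing file.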