As of
.B fwsnort-1.5
all iptables rules built by fwsnort are written out to the
-.I /etc/fwsnort/fwsnort.save
+.I /var/lib/fwsnort/fwsnort.save
file in iptables-save format. This allows a long fwsnort policy (which may
contain thousands of iptables rules translated from a large Snort signature
set) to be quickly instantiated via the "iptables-restore" command. A wrapper
script
-.I /etc/fwsnort/fwsnort.sh
+.I /var/lib/fwsnort/fwsnort.sh
is also written out to make this easy. Hence, the typical work flow for
fwsnort is to: 1) run fwsnort, 2) note the Snort rules that fwsnort was able
to successfully translate (the number of such rules is printed to stdout),
and then 3) execute the
-.I /etc/fwsnort/fwsnort.sh
+.I /var/lib/fwsnort/fwsnort.sh
wrapper script to instantiate the policy in the running kernel.
.B fwsnort
.TP
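Review bot: the rewritten workflow paragraph names /var/lib/fwsnort/fwsnort.save and /var/lib/fwsnort/fwsnort.sh but never says that these locations changed, even though this hunk replaces /etc/fwsnort/... in three places; add a sentence stating that releases before this change wrote both files under /etc/fwsnort, so that administrators whose boot or cron scripts invoke the old /etc/fwsnort/fwsnort.sh path know to update them. Since the wrapper script is run to load the policy into the running kernel via iptables-restore (i.e. as root), it is also worth stating in the same paragraph that the new directory is expected to be writable only by root.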
.BR \-\^\-ipt-script\ \<script\ file>
Specify the path to the iptables script generated by fwsnort. The
-default location is /etc/fwsnort/fwsnort.sh.
+default location is /var/lib/fwsnort/fwsnort.sh.
.TP
.BR \-\^\-ipt-check-capabilities
Check iptables capabilities and exit.
.B fwsnort
with the same command line arguments as the previous execution. This is a
convenient way of rebuilding the
-.I /etc/fwsnort/fwsnort.sh
+.I /var/lib/fwsnort/fwsnort.sh
script without having to remember what the last command line args were.
.TP
.BR \-\^\-NFQUEUE
changed on the command line with \-\-config.
.RE
-.B /etc/fwnort/fwsnort.sh
+.B /var/lib/fwnort/fwsnort.sh
.RS
The iptables script generated by fwsnort. The path can be manually
specified on the command line with the \-\-ipt-script option.
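Review bot: the + line at the top of this hunk carries over the pre-existing typo in the directory name, /var/lib/fwnort/fwsnort.sh (missing the "s" in fwsnort), so this FILES entry will not match the /var/lib/fwsnort/fwsnort.sh path given as the \-\-ipt-script default and in the workflow paragraph; since the line is being rewritten anyway, change it to `.B /var/lib/fwsnort/fwsnort.sh`.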