fwsnort

'fwsnort' translates Snort rules into an equivalent iptables ruleset. By using the iptables string match module, fwsnort detects the application-layer signatures that exist in many Snort rules. It adds a --hex-string option to iptables, which lets users input Snort rules that contain hex characters directly into iptables rulesets without modification.

'fwsnort' also uses the IPTables::Parse Perl module to (optionally) restrict the Snort rule translation to only those rules that specify traffic that could potentially be allowed through an existing iptables policy.

Last updated 7 Jan, 2008


Homepage

License(s): GPLv2 or later


About

Leadership

Requirements

  • IPTables::Parse (Weak Prerequisite)

Versions

0.8.0

0.8.0 beta released 2005-07-11

User Community and Support

User manpage available in HTML format from http://www.cipherdyne.org/projects/fwknop/docs.html

General Resources
Support Resources

Development

Developer Resources
 

Please send comments on these web pages to bug-directory@fsf.org, send other questions to info@fsf.org.

Copyright © 2000 - 2009 Free Software Foundation, Inc., 51 Franklin Street, 5th Floor, Boston, MA 02110-1301, USA

The copyright licensing notice below applies to this text. Any software described in this text has its own copyright notice and license, which can usually be found in the distribution itself.

Permission is granted to copy, distribute, and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts.