cipherdyne.org

Michael Rash, Security Researcher



Software Release - fwsnort-0.8.2

The 0.8.2 release of fwsnort is ready for download. This release updates to use the latest version of the IPTables::Parse module from the psad project, which returns a rule-by-rule hash reference for each iptables rule in the current policy. This allows a better series of tests to determine whether an iptables policy will pass traffic that corresponds to a particular Snort rule; i.e., if the iptables policy drops all HTTP traffic, then there is not much use in translating Snort HTTP signatures. There are also a few bugfixes and enhancements. Here is the ChangeLog:
  • Updated to newer IPTables::Parse module that uses the array of hash references method of returning iptables policy data.
  • Added --Dump-ipt and --Dump-snort rules to allow iptables policy and Snort rules to be dumped to STDOUT.
  • Added bleeding-all.rules file from http://www.bleedingsnort.com/
  • Added patches/bm_goodshift_fix.patch patch file that fixes an initialization bug in the Boyer-Moore text search implementation in the kernel (linux-2.6.x/lib/ts_bm.c) which caused slightly repetitive patterns to only match at specific offsets with the string match extension.
  • Bugfix to ensure that a depth cannot be less than an offset (these translate to the --to and --from command line arguments to iptables).
  • Bugfix to escape '$' chars in iptables search strings.
  • Added cd_rpmbuilder to make it easy to automatically build RPM files of fwsnort.
  • Added support for the iptables OUTPUT chain.
  • Added the ChangeLog.svn file so that all of the changed files and corresponding svn commit messages can be viewed (this file is built from release to release).
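As an added illustration (written in Python here, not code from fwsnort or IPTables::Parse, which are Perl): the policy check described above, run over a constructed INPUT chain shaped like the per-rule hashes the module returns, together with the offset/depth check and '$' escaping from the ChangeLog. The dict keys, chain contents and function names are assumptions.

```python
"""Added example: does an iptables chain pass the traffic a Snort rule
describes, and how does content/offset/depth map onto string match?"""

# Constructed INPUT chain in the shape IPTables::Parse returns: one dict per
# rule, in policy order. Key names are assumed, not the module's real keys.
INPUT_CHAIN = [
    {"target": "ACCEPT", "protocol": "all", "d_port": "0:0", "extended": "state RELATED,ESTABLISHED"},
    {"target": "DROP",   "protocol": "tcp", "d_port": "80",  "extended": ""},
    {"target": "ACCEPT", "protocol": "tcp", "d_port": "22",  "extended": ""},
    {"target": "ACCEPT", "protocol": "udp", "d_port": "1024:65535", "extended": ""},
]
CHAIN_POLICY = "DROP"  # default applied when no rule matches


def port_matches(spec, port):
    """'0:0' means any port; 'N' is exact; 'N:M' is an inclusive range."""
    if spec == "0:0":
        return True
    lo, _, hi = spec.partition(":")
    return int(lo) <= port <= int(hi or lo)


def policy_passes(chain, proto, dport, default=CHAIN_POLICY):
    """True if a NEW connection to proto/dport reaches an ACCEPT target.
    First matching rule wins, as in iptables; rules that only match
    RELATED/ESTABLISHED state never match a new connection and are skipped."""
    for rule in chain:
        if "ESTABLISHED" in rule["extended"]:
            continue
        if rule["protocol"] not in ("all", proto):
            continue
        if port_matches(rule["d_port"], dport):
            return rule["target"] == "ACCEPT"
    return default == "ACCEPT"


def content_to_string_match(content, offset=0, depth=None):
    """Translate Snort content/offset/depth into iptables string-match args.
    offset -> --from and depth -> --to, so depth must not be less than offset
    (the 0.8.2 bugfix). '$' is escaped so the shell running the generated
    iptables command does not interpolate it."""
    if depth is not None and depth < offset:
        raise ValueError(f"depth {depth} is less than offset {offset}")
    escaped = content.replace("$", r"\$")
    args = ["-m", "string", "--algo", "bm", "--string", f'"{escaped}"', "--from", str(offset)]
    if depth is not None:
        args += ["--to", str(depth)]
    return " ".join(args)


if __name__ == "__main__":
    # Translating Snort HTTP signatures is pointless if 80/tcp is dropped here.
    print("HTTP passes INPUT:", policy_passes(INPUT_CHAIN, "tcp", 80))
    print(content_to_string_match("GET /cgi-bin/$user", offset=0, depth=40))
```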