I'm posting this here because some people combine psad with fwsnort
in order to detect application layer attacks.
This is a -pre release of fwsnort-1.5, which will be a major update.
I'm hoping for a couple of test results on the -pre4 release, which
contains a change that moves fwsnort to use the iptables-save format
instead of executing an individual iptables command for each fwsnort

The impacts are:

1) Execution time to instantiate an fwsnort policy should go from
minutes (for long fwsnort policies) down to seconds.

2) fwsnort policies are spliced into the running iptables policy
at the time of execution of the fwsnort perl script - not the time
when the /etc/fwsnort/fwsnort.sh script is executed. This is not a
big deal if you normally execute fwsnort.sh after the perl script,
or if you don't change your iptables policy around much between the

3) If there is any problem with a single fwsnort rule, then the
whole policy is not instantiated at all - this helps to ensure that
there is not a chance for an inconsistent policy.

Please let me know if there are any issues.
Michael Rash | Founder
Key fingerprint: E2EF 0C8A 5AA9 654C 4763 B50F 37AC E946 7F51 8271
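
A sketch of the splice and all-or-nothing behaviour described in points 2 and 3, added here as an illustration and not taken from fwsnort or from the author of this post. The chain name EXAMPLE_INPUT, the sample policy and the rule are constructed, and the Python check is only a stand-in for the validation a real policy load performs.

```python
import re

# Constructed sample of `iptables-save` output (not from a real host).
RUNNING_POLICY = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
"""

# Hypothetical chain name and constructed rule, for illustration only.
CHAIN = "EXAMPLE_INPUT"
RULES = ['-A EXAMPLE_INPUT -p tcp --dport 80 -m string '
         '--string "/etc/passwd" --algo bm -j LOG --log-prefix "EXAMPLE "']


def splice(policy, table, builtin, chain, rules):
    """Return new iptables-save text with `chain` hooked into `builtin`.

    All rules are checked before any output is built, so one bad rule
    rejects the whole batch: a stand-in for the all-or-nothing load of
    a complete policy file.
    """
    lines = policy.splitlines()
    try:
        start = lines.index("*" + table)
        commit = lines.index("COMMIT", start)
    except ValueError:
        raise ValueError("table %r missing or not terminated" % table)
    # iptables-save lists chain declarations (":NAME ...") before any rules.
    decls = [i for i in range(start + 1, commit) if lines[i].startswith(":")]
    declared = {lines[i][1:].split()[0] for i in decls}
    if builtin not in declared:
        raise ValueError("chain %r not declared in %r" % (builtin, table))
    pattern = re.compile(r"^-A %s \S.* -j \S+" % re.escape(chain))
    for rule in rules:
        if not pattern.match(rule):
            raise ValueError("rejecting whole batch, bad rule: %r" % rule)
    body = lines[decls[-1] + 1:commit]
    new = [] if chain in declared else [":%s - [0:0]" % chain]
    # The jump goes ahead of the existing rules so it sees traffic first.
    new.append("-A %s -j %s" % (builtin, chain))
    out = lines[:decls[-1] + 1] + new + body + list(rules) + lines[commit:]
    return "\n".join(out) + "\n"
```

The returned text reflects the policy as it was when the snapshot was taken, so it should be loaded before the running policy changes again.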