[Fwsnort-discuss] fwsnort-1.6.3 released
From: Michael R. <mb...@ci...> - 2012-12-22 02:51:01
Hello All,

fwsnort-1.6.3 has been released:

http://www.cipherdyne.org/fwsnort/download/

Here is the ChangeLog:

- Bug fix to ensure that !, <, >, and = chars in content strings are
  converted to the appropriate hex equivalents. All content strings with
  characters outside of [A-Za-z0-9] are now converted to hex-string format
  in their entirety. This should also fix an issue that results in the
  following error when running /var/lib/fwsnort/fwsnort.sh:

      Using intrapositioned negation (`--option ! this`) is deprecated in
      favor of extrapositioned (`! --option this`).
      Bad argument `bm'
      Error occurred at line: 64
      Try `iptables-restore -h' or 'iptables-restore --help' for more
      information.
      Done.

- Bug fix to set default max string length in --no-ipt-test mode where
  iptables capabilities are not tested.
- (Andrew Merenbach) Bug fix to properly honor --exclude-regex filtering
  option.
- Added fwsnort test suite to the test/ directory. This mimics the test
  suites from the psad and fwknop projects, and is designed to examine
  many of the run time results of fwsnort.
- Added the ability to easily revert the fwsnort policy back to the
  original iptables policy with "/var/lib/fwsnort/fwsnort.sh -r". Note
  that this reverts back to the policy as it was when fwsnort itself was
  executed.
- Implemented a single unified function for iptables match parameter
  length testing, and optimized to drastically reduce run time for
  iptables capabilities checks (going from over 20 seconds to less than
  one second in some cases).
- (Dwight Davis) Contributed patches for several bugs including not
  handling --exclude-regex properly, not ignoring the deleted.rules file,
  not handling --strict mode operations correctly, and more. These issues
  and the corresponding patch were originally reported here:
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693000
- Bug fix for Snort rules with HOME_NET(any) -> EXTERNAL_NET(any) to
  ensure they go into the OUTPUT chain instead of the INPUT chain. This
  bug was reported by Dwight Davis.
- Updated to bundle the latest Emerging Threats rule set.

Thanks,

--
Michael Rash | Founder
http://www.cipherdyne.org/
Key fingerprint: E2EF 0C8A 5AA9 654C 4763 B50F 37AC E946 7F51 8271
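
The whole-string hex conversion described in the first ChangeLog entry, sketched in Python as an added illustration; this is not fwsnort's own code (fwsnort is written in Perl) and is not part of the original message. The function names and sample content strings are assumptions constructed for the example.

```python
import re

# Snort content strings may embed raw bytes between pipes, e.g. "|0d 0a|".
_HEX_BLOCK = re.compile(r'\|([0-9A-Fa-f\s]*)\|')
# Only strings made up entirely of these characters are passed as plain text.
_SAFE = re.compile(r'[A-Za-z0-9]+\Z')


def snort_content_to_bytes(content):
    """Decode a Snort content string: literal text, |hex| blocks, \\ escapes."""
    out = bytearray()
    pos = 0
    while pos < len(content):
        ch = content[pos]
        if ch == '\\' and pos + 1 < len(content):
            # Backslash escape: take the next character literally.
            out += content[pos + 1].encode('latin-1')
            pos += 2
        elif ch == '|':
            m = _HEX_BLOCK.match(content, pos)
            if not m:
                raise ValueError('unterminated or malformed hex block')
            out += bytes.fromhex(m.group(1))  # tolerates spaces between bytes
            pos = m.end()
        else:
            out += ch.encode('latin-1')
            pos += 1
    return bytes(out)


def iptables_string_args(content):
    """Return string-match arguments for one Snort content string.

    Anything outside [A-Za-z0-9] sends the entire string to --hex-string,
    so characters such as '!' never reach the iptables parser as text.
    """
    data = snort_content_to_bytes(content)
    if not data:
        raise ValueError('empty content string')
    text = data.decode('latin-1')
    if _SAFE.match(text):
        return ['--string', text]
    return ['--hex-string', '|' + data.hex() + '|']


if __name__ == '__main__':
    # Constructed sample content strings, not taken from any rule set.
    for sample in ['admin', 'cmd=!', 'a|0d 0a|b', 'a\\;b']:
        print(sample, '->', iptables_string_args(sample))
```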