| 1 | fwsnort-0.7.0 (06/05/2005): |
|---|
| 2 | - Added support for the Snort pass action by using the ACCEPT target. |
|---|
| 3 | - Added support for the Snort log action by using the ULOG target |
|---|
| 4 | (which can then log the packet via the pcap writer). |
|---|
| 5 | - Added support for all fwsnort alerts to be logged via the ULOG |
|---|
| 6 | target instead of the LOG target. |
|---|
| 7 | - Added support for the "resp" keyword to allow it to drive the |
|---|
| 8 | Netfilter argument to the REJECT target. |
|---|
| 9 | - Added "pcre" to the unsupported list... this knocks the fwsnort |
|---|
| 10 | translation rate down to about 50% for Snort-2.3 rules (pcre is |
|---|
| 11 | heavily utilized). |
|---|
| 12 | - Added "priority" and "rev" to comment lines. |
|---|
| 13 | |
|---|
| 14 | fwsnort-0.6.5 (03/20/2005): |
|---|
| 15 | - Updated to not attempt to download Snort rules from snort.org |
|---|
| 16 | because the rules are no longer available for automatic downloads |
|---|
| 17 | - Changed the install.pl script and the --update-rules mode for |
|---|
| 18 | fwsnort to download the latest signature set from |
|---|
| 19 | http://www.bleedingsnort.com/. |
|---|
| 20 | (Snort.org is now offering pay-service around their rule sets). |
|---|
| 21 | - Added signature test for the "flowbits" keyword. |
|---|
| 22 | |
|---|
| 23 | fwsnort-0.6.4 (12/18/2004): |
|---|
| 24 | - Updated to Snort-2.3 rules. FWSnort can convert a total of 1710 |
|---|
| 25 | out of 2559 total Snort-2.3 rules. |
|---|
| 26 | - Updated to new Snort rules download link for --update-rules mode: |
|---|
| 27 | http://www.snort.org/dl/rules/snortrules-snapshot-CURRENT.tar.gz |
|---|
| 28 | - Updated to standard [+], [-], and [*] prefixes for info, warning |
|---|
| 29 | and die logging messages. |
|---|
| 30 | - Added --replace-string patches. |
|---|
| 31 | |
|---|
| 32 | fwsnort-0.6.3 (04/04/2004): |
|---|
| 33 | - Added ignore functionality for both IPs and networks |
|---|
| 34 | - Split --ipt-block into --ipt-drop and --ipt-reject to add DROP |
|---|
| 35 | or REJECT rules respectively. |
|---|
| 36 | - Added --add-deleted option to allow rules in the "deleted.rules" |
|---|
| 37 | file to be added. |
|---|
| 38 | |
|---|
| 39 | fwsnort-0.6.2 (03/19/2004): |
|---|
| 40 | - Added --internal-net and --dmz-net options so that internal and |
|---|
| 41 | dmz networks can be manually specified without having to parse |
|---|
| 42 | the output of ifconfig. This is most useful for running fwsnort |
|---|
| 43 | on a linux system that is acting as a bridge where no ip addresses |
|---|
| 44 | are assigned to the interfaces. |
|---|
| 45 | - Bugfix for missing icmp-port-unreachable rejects for UDP packets. |
|---|
| 46 | |
|---|
| 47 | fwsnort-0.6.1 (02/01/2004): |
|---|
| 48 | - Bugfix for not adding dmz interface rules to INPUT chain. |
|---|
| 49 | - Bugfix for not getting the DMZ interface network. |
|---|
| 50 | |
|---|
| 51 | fwsnort-0.6 (01/04/2004): |
|---|
| 52 | - Speed increase and disk access decrease by writing iptables |
|---|
| 53 | commands to the iptables script only after all lines have been |
|---|
| 54 | generated. |
|---|
| 55 | - Bugfix for DMZ interface. |
|---|
| 56 | - Bugfix for multiple ip_proto fields. |
|---|
| 57 | - Removed the ip protocol as an allowed protocol for translation. |
|---|
| 58 | - Bugfix for negated port numbers. |
|---|
| 59 | - Removed "<-" rule direction since not even snort supports this. |
|---|
| 60 | - Fixed snort rule updates from snort.org. |
|---|
| 61 | |
|---|
| 62 | fwsnort-0.5 (12/21/2003): |
|---|
| 63 | - Added "-j REJECT --reject-with tcp-reset" for tcp sessions |
|---|
| 64 | if the --ipt-block option is specified. |
|---|
| 65 | - Added ability to download latest snort rules from snort.org. |
|---|
| 66 | - Added --no-ipt-jumps. |
|---|
| 67 | - Added better checking for iptables build characteristics such |
|---|
| 68 | as the LOG target and wether or not the ipv4options extension |
|---|
| 69 | is compiled in. |
|---|
| 70 | - Added config preservation code from psad in install.pl. |
|---|
