fwsnort-0.7.0 (06/05/2005):
- Added support for the Snort pass action by using the ACCEPT target.
- Added support for the Snort log action by using the ULOG target
  (which can then log the packet via the pcap writer).
- Added support for all fwsnort alerts to be logged via the ULOG
  target instead of the LOG target.
- Added support for the "resp" keyword to allow it to drive the
  Netfilter argument to the REJECT target.
- Added "pcre" to the unsupported list... this knocks the fwsnort
  translation rate down to about 50% for Snort-2.3 rules (pcre is
  heavily utilized).
- Added "priority" and "rev" to comment lines.

fwsnort-0.6.5 (03/20/2005):
- Updated to not attempt to download Snort rules from snort.org
  because the rules are no longer available for automatic downloads
- Changed the install.pl script and the --update-rules mode for
  fwsnort to download the latest signature set from
  http://www.bleedingsnort.com/.
  (Snort.org is now offering pay-service around their rule sets).
- Added signature test for the "flowbits" keyword.

fwsnort-0.6.4 (12/18/2004):
- Updated to Snort-2.3 rules. FWSnort can convert a total of 1710
  out of 2559 total Snort-2.3 rules.
- Updated to new Snort rules download link for --update-rules mode:
  http://www.snort.org/dl/rules/snortrules-snapshot-CURRENT.tar.gz
- Updated to standard [+], [-], and [*] prefixes for info, warning
  and die logging messages.
- Added --replace-string patches.

fwsnort-0.6.3 (04/04/2004):
- Added ignore functionality for both IPs and networks
- Split --ipt-block into --ipt-drop and --ipt-reject to add DROP
  or REJECT rules respectively.
- Added --add-deleted option to allow rules in the "deleted.rules"
  file to be added.

fwsnort-0.6.2 (03/19/2004):
- Added --internal-net and --dmz-net options so that internal and
  dmz networks can be manually specified without having to parse
  the output of ifconfig. This is most useful for running fwsnort
  on a linux system that is acting as a bridge where no ip addresses
  are assigned to the interfaces.
- Bugfix for missing icmp-port-unreachable rejects for UDP packets.

fwsnort-0.6.1 (02/01/2004):
- Bugfix for not adding dmz interface rules to INPUT chain.
- Bugfix for not getting the DMZ interface network.

fwsnort-0.6 (01/04/2004):
- Speed increase and disk access decrease by writing iptables
  commands to the iptables script only after all lines have been
  generated.
- Bugfix for DMZ interface.
- Bugfix for multiple ip_proto fields.
- Removed the ip protocol as an allowed protocol for translation.
- Bugfix for negated port numbers.
- Removed "<-" rule direction since not even snort supports this.
- Fixed snort rule updates from snort.org.

fwsnort-0.5 (12/21/2003):
- Added "-j REJECT --reject-with tcp-reset" for tcp sessions
  if the --ipt-block option is specified.
- Added ability to download latest snort rules from snort.org.
- Added --no-ipt-jumps.
- Added better checking for iptables build characteristics such
  as the LOG target and whether or not the ipv4options extension
  is compiled in.
- Added config preservation code from psad in install.pl.