fwsnort-0.6.4 (12/18/2004):
    - Updated to Snort-2.3 rules. FWSnort can convert a total of 1710 out of 2559 total Snort-2.3 rules.
    - Updated to new Snort rules download link for --update-rules mode: http://www.snort.org/dl/rules/snortrules-snapshot-CURRENT.tar.gz
    - Updated to standard [+], [-], and [*] prefixes for info, warning and die logging messages.

fwsnort-0.6.3 (04/04/2004):
    - Added ignore functionality for both IPs and networks.
    - Split --ipt-block into --ipt-drop and --ipt-reject to add DROP or REJECT rules respectively.
    - Added --add-deleted option to allow rules in the "deleted.rules" file to be added.

fwsnort-0.6.2 (03/19/2004):
    - Added --internal-net and --dmz-net options so that internal and DMZ networks can be manually specified without having to parse the output of ifconfig. This is most useful for running fwsnort on a Linux system that is acting as a bridge where no IP addresses are assigned to the interfaces.
    - Bugfix for missing icmp-port-unreachable rejects for UDP packets.

fwsnort-0.6.1 (02/01/2004):
    - Bugfix for not adding DMZ interface rules to INPUT chain.
    - Bugfix for not getting the DMZ interface network.

fwsnort-0.6 (01/04/2004):
    - Speed increase and disk access decrease by writing iptables commands to the iptables script only after all lines have been generated.
    - Bugfix for DMZ interface.
    - Bugfix for multiple ip_proto fields.
    - Removed the ip protocol as an allowed protocol for translation.
    - Bugfix for negated port numbers.
    - Removed "<-" rule direction since not even Snort supports this.
    - Fixed Snort rule updates from snort.org.

fwsnort-0.5 (12/21/2003):
    - Added "-j REJECT --reject-with tcp-reset" for TCP sessions if the --ipt-block option is specified.
    - Added ability to download latest Snort rules from snort.org.
    - Added --no-ipt-jumps.
    - Added better checking for iptables build characteristics such as the LOG target and whether or not the ipv4options extension is compiled in.
    - Added config preservation code from psad in install.pl.