Package: wnpp
Severity: wishlist
Owner: Franck Joncourt <[EMAIL PROTECTED]>

* Package name    : fwsnort
  Version         : 1.0.4
  Upstream Author : Michael Rash <[EMAIL PROTECTED]>
* URL             : http://www.cipherdyne.org/fwsnort/
* License         : GPL
  Programming Lang: Perl
  Description     : Fwsnort translates Snort rules into iptables rules.

fwsnort translates Snort rules into iptables rules and generates a Bourne shell script that implements the resulting iptables commands. This ruleset allows network traffic that exhibits Snort signatures to be logged and/or dropped by iptables directly without putting an interface into promiscuous mode or queuing packets from kernel to user space.

Note that fwsnort can also build an iptables policy that combines the string match extension with the NFQUEUE or QUEUE targets to allow the kernel to perform preliminary string matches that are defined within Snort rules before queuing matching packets to userspace. Because the bulk of network communications are not malicious, this should provide a speedup for snort_inline since the majority of packets do not then have to be copied from kernel memory into user memory and subsequently inspected by snort_inline. There is a tradeoff here in terms of signature detection however because snort_inline does not have the opportunity to see all packets associated with a session, so stream reassembly and signature comparisons against a reassembled buffer do not take place (the stream preprocessor - stream4, stream5, etc. - should be disabled).
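
An added illustration of the translation the description refers to, not fwsnort's own code or output: a Python sketch that turns a simplified one-line Snort rule into an iptables command using the string match extension, and refuses rules that the string match cannot express. The grammar subset, the `translate` helper, the log prefix format and the sample rules are assumptions made for this example.

```python
import re
import shlex

# Simplified Snort grammar (assumption): one-line tcp/udp rules, options
# written as key:value; or as a bare flag;
RULE_RE = re.compile(r'^\w+\s+(tcp|udp)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$')
OPT_RE = re.compile(r'(\w+)\s*(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')
# Options this sketch can carry over; anything else (pcre, byte_test, nocase,
# flow, ...) makes translate() refuse rather than emit a weaker match.
SUPPORTED = {"msg", "content", "sid", "rev", "classtype"}


def translate(rule, chain="FORWARD", target="LOG"):
    """Return the iptables argv for one rule, or None if it cannot be
    expressed with the string match alone."""
    m = RULE_RE.match(rule.strip())
    if not m:
        return None
    proto, src, sport, dst, dport, body = m.groups()
    opts = [(k, v.strip().strip('"')) for k, v in OPT_RE.findall(body)]
    contents = [v for k, v in opts if k == "content"]
    if not contents or any(k not in SUPPORTED for k, _ in opts):
        return None
    argv = ["iptables", "-A", chain, "-p", proto]
    for flag, val in (("-s", src), ("--sport", sport), ("-d", dst), ("--dport", dport)):
        if val.startswith("$"):
            return None  # unresolved Snort variable such as $HOME_NET
        if val != "any":
            argv += [flag, val]
    for c in contents:
        # Snort |..| hex bytes map onto the string match's --hex-string form.
        kind = "--hex-string" if "|" in c else "--string"
        argv += ["-m", "string", kind, c, "--algo", "bm"]
    argv += ["-j", target]
    if target == "LOG":
        sid = dict(opts).get("sid", "0")
        argv += ["--log-prefix", f"SID{sid} "[:29]]  # prefix limit is 29 chars
    return argv


# Constructed sample rules, not taken from any real ruleset.
SAMPLE = 'alert tcp any any -> 192.0.2.10 80 (msg:"constructed"; content:"/etc/passwd"; sid:1000001; rev:1;)'
SAMPLE_HEX = 'alert tcp any any -> any 25 (msg:"constructed"; content:"|0d 0a|.|0d 0a|"; sid:1000002;)'
SAMPLE_PCRE = 'alert tcp any any -> any 80 (content:"a"; pcre:"/a+b/"; sid:1000003;)'

if __name__ == "__main__":
    for r in (SAMPLE, SAMPLE_HEX, SAMPLE_PCRE):
        out = translate(r)
        print(shlex.join(out) if out else "# left to userspace IDS: " + r)
```

Passing `target="NFQUEUE"` yields the pre-filtering variant described above, where only packets that already matched the content string are queued to userspace.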