fwsnort   (Firewall Snort)
Version:  1.0.7
Author:   Michael Rash <mbr@cipherdyne.org>
Website:  http://www.cipherdyne.org/fwsnort/

Snort is a registered trademark of Sourcefire, Inc.

INSTALLATION:

    (See the INSTALL file in the source directory.)

DESCRIPTION:

fwsnort is a Perl script that translates Snort rules into equivalent iptables
rules.  Some Snort rule options (such as "pcre") have no direct translation
into iptables options, so not all Snort rules can be translated.  However,
approximately 65% of all Snort-2.3.3 (the last release of Snort under the GPL)
signatures can be successfully translated through the use of the iptables
string match module.  When translating Snort rules, fwsnort makes heavy use of
the iptables string match extension with its "--hex-string" option (added to
iptables by the fwsnort project), which accepts a Snort "content" argument with
hex bytes between "|" chars (such as "|5a 4e|").  This allows the content
fields in Snort rules to be directly input into iptables rulesets from the
command line.  fwsnort also parses the running iptables policy on the machine
in order to determine which Snort rules are applicable to the specific policy
loaded on the machine.
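
The translation described above, shown as an added example (this is not
fwsnort's own code, which is Perl).  It handles only the "msg", "content" and
"sid" options and treats every other option, including "pcre", as
untranslatable.  The chain name EXAMPLE_CHAIN, the LOG target with its prefix
format, and the sample rules are assumptions constructed for illustration.

```python
import re
import shlex

# Constructed sample rules for illustration (not from any Snort ruleset).
SAMPLE_RULES = [
    'alert tcp any any -> any 80 (msg:"sample hex"; content:"|5a 4e|"; sid:1000001;)',
    'alert tcp any any -> any 21 (msg:"sample text"; content:"SITE EXEC"; sid:1000002;)',
    'alert tcp any any -> any 80 (msg:"sample pcre"; content:"GET"; pcre:"/id=\\d+/"; sid:1000003;)',
]

HEADER_RE = re.compile(r'^alert\s+(tcp|udp)\s+\S+\s+\S+\s+->\s+\S+\s+(\S+)\s+\((.*)\)\s*$')
OPTION_RE = re.compile(r'(\w+):\s*("(?:[^"\\]|\\.)*"|[^;]*);')
SUPPORTED = {"msg", "content", "sid"}  # everything else is treated as untranslatable

def translate(rule, chain="EXAMPLE_CHAIN"):
    """Return iptables arguments for one rule, or None if it cannot be translated."""
    m = HEADER_RE.match(rule)
    if not m:
        return None
    proto, dport, body = m.groups()
    opts = [(k, v.strip()) for k, v in OPTION_RE.findall(body)]
    # An option with no iptables equivalent (e.g. pcre) makes the rule untranslatable.
    if any(k not in SUPPORTED for k, _ in opts):
        return None
    contents = [v for k, v in opts if k == "content"]
    sids = [v for k, v in opts if k == "sid"]
    # Negated content (content:!"...") is outside the scope of this example.
    if not contents or len(sids) != 1 or any(not c.startswith('"') for c in contents):
        return None
    args = ["-A", chain, "-p", proto]
    if dport != "any":
        if not dport.isdigit():
            return None  # variables and port ranges are out of scope here
        args += ["--dport", dport]
    for c in contents:
        c = c.strip('"')
        # Hex bytes between "|" chars go to --hex-string, plain text to --string.
        flag = "--hex-string" if "|" in c else "--string"
        args += ["-m", "string", flag, c, "--algo", "bm"]  # bm = Boyer-Moore
    return args + ["-j", "LOG", "--log-prefix", f"SID{sids[0]} "]

def render(args):
    """Quote the arguments so the rule can be pasted into a shell."""
    return "iptables " + " ".join(shlex.quote(a) for a in args)

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        args = translate(rule)
        print(render(args) if args else "# not translatable: " + rule)
```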

fwsnort requires the iptables string match module in order to be able to
detect application layer attacks.  If you are running a modern Linux
distribution then it is likely that the kernel has been compiled with iptables
string matching support, and fwsnort will test this.

PLATFORMS:

fwsnort is compatible with iptables only, hence fwsnort will exclusively run
on Linux running a 2.6 series kernel (with some support for 2.4 kernels as
well).

COPYRIGHT:

Copyright (C) 2003-2009 Michael Rash (mbr@cipherdyne.org)

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.


$Id: README 510 2009-12-21 04:17:57Z mbr $
