#!/bin/bash
#Copyright 2003 William Stearns <wstearns@pobox.com>
#Released under the GPL.

#ZZZZ Check Me and MyVersion
Me='snort-web-cgi'
MyVersion='20031125'
#DefaultActions=''

[ -r /etc/firebricks/firebricks.conf ] &&			. /etc/firebricks/firebricks.conf
[ -r /etc/firebricks/$Me.conf ] &&				. /etc/firebricks/$Me.conf
[ -r ${FBLibDir:-'/usr/lib/firebricks/'}/firebrickslib ] &&	. ${FBLibDir:-'/usr/lib/firebricks/'}/firebrickslib
if [ -z "$FBLibVer" ]; then
	echo 'It looks like firebrickslib was not loaded, why?  Exiting' >&2
	exit 1
fi

for OneTask in $Tasks ; do
	case "$OneTask" in
	link)
		$IptablesBin -N $Me >/dev/null 2>&1
#ZZZZ try to restrict the following three to only send down what the chain needs to inspect.
		$IptablesBin $AppIn INPUT -i \! lo						-j $Me
		$IptablesBin $AppIn FORWARD							-j $Me
		$IptablesBin $AppIn OUTPUT							-j $Me
		;;
	unlink)
#ZZZZ Make the same changes as above (such as "-p tcp"), but if you cut and paste, note "$AppIn" is now "-D"
		$IptablesBin -D INPUT -i \! lo							-j $Me
		$IptablesBin -D FORWARD								-j $Me
		$IptablesBin -D OUTPUT								-j $Me
		$IptablesBin -X $Me >/dev/null 2>&1
		;;
	create)
		echo "Starting $Me" >&2
		FlushOrNewChain $Me


		LogAs="SID803"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/hsx.cgi"' --string '"../../"' --string '"%00"'	$Tail	# '"WEB-CGI HyperSeek hsx.cgi directory traversal attempt"' bugtraq,2314 cve,CAN-2001-0253 classtype:web-application-attack sid:803
		LogAs="SID1607"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/hsx.cgi"'	$Tail	# '"WEB-CGI HyperSeek hsx.cgi access"' bugtraq,2314 cve,CAN-2001-0253 classtype:web-application-activity sid:1607
		LogAs="SID804"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/s.cgi"' --string '"tmpl="'	$Tail	# '"WEB-CGI SWSoft ASPSeek Overflow attempt"' nocase-ignored cve,CAN-2001-0476 bugtraq,2492 classtype:web-application-attack sid:804
		LogAs="SID805"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/wsisa.dll/WService="' --string '"WSMadmin"'	$Tail	# '"WEB-CGI webspeed access"' nocase-ignored nocase-ignored arachnids,467 cve,CVE-2000-0127 nessus,10304 classtype:attempted-user sid:805
		LogAs="SID806"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/YaBB"' --string '"../"'	$Tail	# '"WEB-CGI yabb directory traversal attempt"' nocase-ignored cve,CVE-2000-0853 arachnids,462 bugtraq,1668 classtype:attempted-recon sid:806
		LogAs="SID1637"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/YaBB"'	$Tail	# '"WEB-CGI yabb access"' nocase-ignored cve,CVE-2000-0853 arachnids,462 bugtraq,1668 classtype:attempted-recon sid:1637
		LogAs="SID807"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/wwwboard/passwd.txt"'	$Tail	# '"WEB-CGI /wwwboard/passwd.txt access"' nocase-ignored arachnids,463 cve,CVE-1999-0953 nessus,10321 bugtraq,649 classtype:attempted-recon sid:807
		LogAs="SID808"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/webdriver"'	$Tail	# '"WEB-CGI webdriver access"' nocase-ignored arachnids,473 bugtraq,2166 nessus,10592 classtype:attempted-recon sid:808
		LogAs="SID809"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/whois_raw.cgi?"' --string '""'	$Tail	# '"WEB-CGI whois_raw.cgi arbitrary command execution attempt"' cve,CAN-1999-1063 arachnids,466 nessus,10306 classtype:web-application-attack sid:809
		LogAs="SID810"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/whois_raw.cgi"'	$Tail	# '"WEB-CGI whois_raw.cgi access"' cve,CAN-1999-1063 arachnids,466 nessus,10306 classtype:attempted-recon sid:810
		LogAs="SID811"		$Ipt -A $Me -p tcp --dport 80 -m string --string '" /HTTP/1."'	$Tail	# '"WEB-CGI websitepro path access"' nocase-ignored cve,CAN-2000-0066 arachnids,468 classtype:attempted-recon sid:811
		LogAs="SID812"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/webplus?about"'	$Tail	# '"WEB-CGI webplus version access"' nocase-ignored cve,CVE-2000-0282 arachnids,470 classtype:attempted-recon sid:812
		LogAs="SID813"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/webplus?script"' --string '"../"'	$Tail	# '"WEB-CGI webplus directory traversal"' nocase-ignored cve,CVE-2000-0282 arachnids,471 classtype:web-application-attack sid:813
		LogAs="SID815"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/websendmail"'	$Tail	# '"WEB-CGI websendmail access"' nocase-ignored cve,CVE-1999-0196 arachnids,469 bugtraq,2077 nessus,10301 classtype:attempted-recon sid:815
		LogAs="SID1571"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/dcforum.cgi"' --string '"forum=../.."'	$Tail	# '"WEB-CGI dcforum.cgi directory traversal attempt"' cve,CAN-2001-0436 classtype:web-application-attack sid:1571
		LogAs="SID818"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/dcforum.cgi"'	$Tail	# '"WEB-CGI dcforum.cgi access"' bugtraq,2728 classtype:attempted-recon sid:818
		LogAs="SID817"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/dcboard.cgi"' --string '"command=register"' --string '"%7cadmin"'	$Tail	# '"WEB-CGI dcboard.cgi invalid user addition attempt"' bugtraq,2728 classtype:web-application-attack sid:817
		LogAs="SID1410"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/dcboard.cgi"'	$Tail	# '"WEB-CGI dcboard.cgi access"' bugtraq,2728 classtype:attempted-recon sid:1410
		LogAs="SID819"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/mmstdod.cgi"'	$Tail	# '"WEB-CGI mmstdod.cgi access"' nocase-ignored cve,CVE-2001-0021 classtype:attempted-recon sid:819
		LogAs="SID820"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/apexec.pl"' --string '"template=../"'	$Tail	# '"WEB-CGI anaconda directory transversal attempt"' nocase-ignored cve,CVE-2000-0975 bugtraq,2388 classtype:web-application-attack sid:820
		LogAs="SID821"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/imagemap.exe?"'	$Tail	# '"WEB-CGI imagemap.exe overflow attempt"' nocase-ignored arachnids,412 cve,CVE-1999-0951 classtype:web-application-attack sid:821
		LogAs="SID1700"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/imagemap.exe"'	$Tail	# '"WEB-CGI imagemap.exe access"' nocase-ignored cve,CVE-1999-0951 arachnids,412 classtype:web-application-activity sid:1700
		LogAs="SID823"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/cvsweb.cgi"'	$Tail	# '"WEB-CGI cvsweb.cgi access"' nocase-ignored cve,CVE-2000-0670 bugtraq,1469 classtype:attempted-recon sid:823
		LogAs="SID824"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/php.cgi"'	$Tail	# '"WEB-CGI php.cgi access"' nocase-ignored cve,CAN-1999-0238 bugtraq,2250 arachnids,232 classtype:attempted-recon sid:824
		LogAs="SID825"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/glimpse"'	$Tail	# '"WEB-CGI glimpse access"' nocase-ignored bugtraq,2026 classtype:attempted-recon sid:825
		LogAs="SID1608"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/htmlscript?../.."'	$Tail	# '"WEB-CGI htmlscript attempt"' nocase-ignored bugtraq,2001 cve,CVE-1999-0264 classtype:web-application-attack sid:1608
		LogAs="SID826"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/htmlscript"'	$Tail	# '"WEB-CGI htmlscript access"' nocase-ignored bugtraq,2001 cve,CVE-1999-0264 classtype:attempted-recon sid:826
		LogAs="SID827"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/info2www"'	$Tail	# '"WEB-CGI info2www access"' nocase-ignored bugtraq,1995 cve,CVE-1999-0266 classtype:attempted-recon sid:827
		LogAs="SID828"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/maillist.pl"'	$Tail	# '"WEB-CGI maillist.pl access"' nocase-ignored classtype:attempted-recon sid:828
		LogAs="SID829"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/nph-test-cgi"'	$Tail	# '"WEB-CGI nph-test-cgi access"' nocase-ignored nessus,10165 arachnids,224 cve,CVE-1999-0045 bugtraq,686 classtype:attempted-recon sid:829
		LogAs="SID1451"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/nph-maillist.pl"'	$Tail	# '"WEB-CGI NPH-publish access"' nocase-ignored cve,CAN-2001-0400 classtype:attempted-recon sid:1451
		LogAs="SID830"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/nph-publish"'	$Tail	# '"WEB-CGI NPH-publish access"' nocase-ignored cve,CAN-1999-1177 classtype:attempted-recon sid:830
		LogAs="SID833"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/rguest.exe"'	$Tail	# '"WEB-CGI rguest.exe access"' nocase-ignored cve,CAN-1999-0467 bugtraq,2024 classtype:attempted-recon sid:833
		LogAs="SID834"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/rwwwshell.pl"'	$Tail	# '"WEB-CGI rwwwshell.pl access"' nocase-ignored url,www.itsecurity.com/papers/p37.htm classtype:attempted-recon sid:834
		LogAs="SID1644"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/test-cgi/*?*"'	$Tail	# '"WEB-CGI test-cgi attempt"' nocase-ignored nessus,10282 cve,CVE-1999-0070 arachnids,218 classtype:web-application-attack sid:1644
		LogAs="SID835"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/test-cgi"'	$Tail	# '"WEB-CGI test-cgi access"' nocase-ignored nessus,10282 cve,CVE-1999-0070 arachnids,218 classtype:attempted-recon sid:835
		LogAs="SID1645"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/testcgi"'	$Tail	# '"WEB-CGI testcgi access"' nocase-ignored nessus,11610 bugtraq,7214 classtype:web-application-activity sid:1645
		LogAs="SID1646"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/test.cgi"'	$Tail	# '"WEB-CGI test.cgi access"' nocase-ignored classtype:web-application-activity sid:1646
		LogAs="SID836"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/textcounter.pl"'	$Tail	# '"WEB-CGI textcounter.pl access"' nocase-ignored cve,CAN-1999-1479 classtype:attempted-recon sid:836
		LogAs="SID837"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/uploader.exe"'	$Tail	# '"WEB-CGI uploader.exe access"' nocase-ignored cve,CVE-1999-0177 nessus,10291 classtype:attempted-recon sid:837
		LogAs="SID838"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/webgais"'	$Tail	# '"WEB-CGI webgais access"' nocase-ignored arachnids,472 bugtraq,2058 cve,CVE-1999-0176 nessus,10300 classtype:attempted-recon sid:838
		LogAs="SID839"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/finger"'	$Tail	# '"WEB-CGI finger access"' nocase-ignored arachnids,221 cve,CVE-1999-0612 nessus,10071 classtype:attempted-recon sid:839
		LogAs="SID840"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/perlshop.cgi"'	$Tail	# '"WEB-CGI perlshop.cgi access"' nocase-ignored cve,CAN-1999-1374 classtype:attempted-recon sid:840
		LogAs="SID841"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/pfdisplay.cgi"'	$Tail	# '"WEB-CGI pfdisplay.cgi access"' nocase-ignored bugtraq,64 cve,CVE-1999-0270 classtype:attempted-recon sid:841
		LogAs="SID842"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/aglimpse"'	$Tail	# '"WEB-CGI aglimpse access"' nocase-ignored nessus,10095 cve,CVE-1999-0147 bugtraq,2026 classtype:attempted-recon sid:842
		LogAs="SID843"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/AnForm2"'	$Tail	# '"WEB-CGI anform2 access"' nocase-ignored cve,CVE-1999-0066 arachnids,225 classtype:attempted-recon sid:843
		LogAs="SID844"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/args.bat"'	$Tail	# '"WEB-CGI args.bat access"' nocase-ignored cve,CAN-1999-1374 classtype:attempted-recon sid:844
		LogAs="SID1452"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/args.cmd"'	$Tail	# '"WEB-CGI args.cmd access"' nocase-ignored cve,CAN-1999-1374 classtype:attempted-recon sid:1452
		LogAs="SID845"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/AT-admin.cgi"'	$Tail	# '"WEB-CGI AT-admin.cgi access"' nocase-ignored cve,CAN-1999-1072 classtype:attempted-recon sid:845
		LogAs="SID1453"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/AT-generated.cgi"'	$Tail	# '"WEB-CGI AT-generated.cgi access"' nocase-ignored cve,CAN-1999-1072 classtype:attempted-recon sid:1453
		LogAs="SID846"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/bnbform.cgi"'	$Tail	# '"WEB-CGI bnbform.cgi access"' nocase-ignored cve,CVE-1999-0937 bugtraq,1469 classtype:attempted-recon sid:846
		LogAs="SID847"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/campas"'	$Tail	# '"WEB-CGI campas access"' nocase-ignored cve,CVE-1999-0146 bugtraq,1975 classtype:attempted-recon sid:847
		LogAs="SID848"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/view-source"' --string '"../"'	$Tail	# '"WEB-CGI view-source directory traversal"' nocase-ignored nocase-ignored cve,CVE-1999-0174 classtype:web-application-attack sid:848
		LogAs="SID849"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/view-source"'	$Tail	# '"WEB-CGI view-source access"' nocase-ignored cve,CVE-1999-0174 classtype:attempted-recon sid:849
		LogAs="SID850"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/wais.pl"'	$Tail	# '"WEB-CGI wais.pl access"' nocase-ignored classtype:attempted-recon sid:850
		LogAs="SID1454"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/wwwwais"'	$Tail	# '"WEB-CGI wwwwais access"' nocase-ignored nessus,10597 cve,CAN-2001-0223 classtype:attempted-recon sid:1454
		LogAs="SID851"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/files.pl"'	$Tail	# '"WEB-CGI files.pl access"' nocase-ignored cve,CAN-1999-1081 classtype:attempted-recon sid:851
		LogAs="SID852"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/wguest.exe"'	$Tail	# '"WEB-CGI wguest.exe access"' nocase-ignored cve,CAN-1999-0467 bugtraq,2024 classtype:attempted-recon sid:852
		LogAs="SID853"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/wrap"'	$Tail	# '"WEB-CGI wrap access"' nessus,10317 bugtraq,373 arachnids,234 cve,CVE-1999-0149 classtype:attempted-recon sid:853
		LogAs="SID854"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/classifieds.cgi"'	$Tail	# '"WEB-CGI classifieds.cgi access"' nocase-ignored bugtraq,2020 cve,CVE-1999-0934 classtype:attempted-recon sid:854
		LogAs="SID856"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/environ.cgi"'	$Tail	# '"WEB-CGI environ.cgi access"' nocase-ignored classtype:attempted-recon sid:856
		LogAs="SID1647"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/faxsurvey?/"'	$Tail	# '"WEB-CGI faxsurvey attempt (full path)"' nocase-ignored cve,CVE-1999-0262 bugtraq,2056 nessus,10067 classtype:web-application-attack sid:1647
		LogAs="SID1609"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/faxsurvey?cat%20"'	$Tail	# '"WEB-CGI faxsurvey arbitrary file read attempt"' nocase-ignored nessus,10067 cve,CVE-1999-0262 bugtraq,2056 classtype:web-application-attack sid:1609
		LogAs="SID857"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/faxsurvey"'	$Tail	# '"WEB-CGI faxsurvey access"' nocase-ignored cve,CVE-1999-0262 bugtraq,2056 nessus,10067 classtype:web-application-activity sid:857
		LogAs="SID858"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/filemail.pl"'	$Tail	# '"WEB-CGI filemail access"' nocase-ignored cve,CAN-1999-1154 classtype:attempted-recon sid:858
		LogAs="SID859"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/man.sh"'	$Tail	# '"WEB-CGI man.sh access"' nocase-ignored cve,CAN-1999-1179 classtype:attempted-recon sid:859
		LogAs="SID860"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/snork.bat"'	$Tail	# '"WEB-CGI snork.bat access"' nocase-ignored bugtraq,1053 cve,CVE-2000-0169 arachnids,220 classtype:attempted-recon sid:860
		LogAs="SID861"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/w3-msql/"'	$Tail	# '"WEB-CGI w3-msql access"' nocase-ignored bugtraq,591 cve,CVE-1999-0276 arachnids,210 nessus,10296 cve,CVE-2000-0012 classtype:attempted-recon sid:861
		LogAs="SID863"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/day5datacopier.cgi"'	$Tail	# '"WEB-CGI day5datacopier.cgi access"' nocase-ignored cve,CAN-1999-1232 classtype:attempted-recon sid:863
		LogAs="SID864"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/day5datanotifier.cgi"'	$Tail	# '"WEB-CGI day5datanotifier.cgi access"' nocase-ignored cve,CAN-1999-1232 classtype:attempted-recon sid:864
		LogAs="SID866"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/post-query"'	$Tail	# '"WEB-CGI post-query access"' nocase-ignored cve,CAN-2001-0291 classtype:attempted-recon sid:866
		LogAs="SID867"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/visadmin.exe"'	$Tail	# '"WEB-CGI visadmin.exe access"' nocase-ignored bugtraq,1808 cve,CAN-1999-1970 nessus,10295 classtype:attempted-recon sid:867
		LogAs="SID869"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/dumpenv.pl"'	$Tail	# '"WEB-CGI dumpenv.pl access"' nocase-ignored cve,CAN-1999-1178 classtype:attempted-recon sid:869
		LogAs="SID1537"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/calendar_admin.pl"'	$Tail	# '"WEB-CGI calendar_admin.pl access"' classtype:web-application-activity cve,CVE-2000-0432 sid:1537
		LogAs="SID1701"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/calendar-admin.pl"'	$Tail	# '"WEB-CGI calendar-admin.pl access"' nocase-ignored bugtraq,1215 classtype:web-application-activity sid:1701
		LogAs="SID1455"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/calender.pl"'	$Tail	# '"WEB-CGI calender.pl access"' nocase-ignored cve,CVE-2000-0432 classtype:attempted-recon sid:1455
		LogAs="SID882"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/calendar"'	$Tail	# '"WEB-CGI calendar access"' nocase-ignored classtype:attempted-recon sid:882
		LogAs="SID1457"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/user_update_admin.pl"'	$Tail	# '"WEB-CGI user_update_admin.pl access"' nocase-ignored cve,CVE-2000-0627 classtype:attempted-recon sid:1457
		LogAs="SID1458"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/user_update_passwd.pl"'	$Tail	# '"WEB-CGI user_update_passwd.pl access"' nocase-ignored cve,CVE-2000-0627 classtype:attempted-recon sid:1458
		LogAs="SID870"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/snorkerz.cmd"'	$Tail	# '"WEB-CGI snorkerz.cmd access"' nocase-ignored classtype:attempted-recon sid:870
		LogAs="SID871"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/survey.cgi"'	$Tail	# '"WEB-CGI survey.cgi access"' nocase-ignored bugtraq,1817 cve,CVE-1999-0936 classtype:attempted-recon sid:871
		LogAs="SID873"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"///"'	$Tail	# '"WEB-CGI scriptalias access"' cve,CVE-1999-0236 bugtraq,2300 arachnids,227 classtype:attempted-recon sid:873
		LogAs="SID875"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/win-c-sample.exe"'	$Tail	# '"WEB-CGI win-c-sample.exe access"' nocase-ignored bugtraq,2078 arachnids,231 cve,CVE-1999-0178 nessus,10008 classtype:attempted-recon sid:875
		LogAs="SID878"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/w3tvars.pm"'	$Tail	# '"WEB-CGI w3tvars.pm access"' nocase-ignored classtype:attempted-recon sid:878
		LogAs="SID879"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/admin.pl"'	$Tail	# '"WEB-CGI admin.pl access"' nocase-ignored url,online.securityfocus.com/archive/1/249355 bugtraq,3839 classtype:attempted-recon sid:879
		LogAs="SID880"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/LWGate"'	$Tail	# '"WEB-CGI LWGate access"' nocase-ignored url,www.netspace.org/~dwb/lwgate/lwgate-history.html url,www.wiretrip.net/rfp/p/doc.asp/i2/d6.htm classtype:attempted-recon sid:880
		LogAs="SID881"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/archie"'	$Tail	# '"WEB-CGI archie access"' nocase-ignored classtype:attempted-recon sid:881
		LogAs="SID883"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/flexform"'	$Tail	# '"WEB-CGI flexform access"' nocase-ignored url,www.wiretrip.net/rfp/p/doc.asp/i2/d6.htm classtype:attempted-recon sid:883
		LogAs="SID1610"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/formmail"' --string '"%0a"'	$Tail	# '"WEB-CGI formmail arbitrary command execution attempt"' nocase-ignored nocase-ignored nessus,10782 nessus,10076 bugtraq,1187 cve,CVE-1999-0172 arachnids,226 classtype:web-application-attack sid:1610
		LogAs="SID884"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/formmail"'	$Tail	# '"WEB-CGI formmail access"' nocase-ignored nessus,10782 nessus,10076 bugtraq,1187 cve,CVE-1999-0172 arachnids,226 classtype:web-application-activity sid:884
		LogAs="SID1762"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/phf"' --string '"QALIAS"' --string '"%0a/"'	$Tail	# '"WEB-CGI phf arbitrary command execution attempt"' nocase-ignored nocase-ignored bugtraq,629 arachnids,128 cve,CVE-1999-0067 classtype:web-application-attack sid:1762
		LogAs="SID886"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/phf"'	$Tail	# '"WEB-CGI phf access"' nocase-ignored bugtraq,629 arachnids,128 cve,CVE-1999-0067 classtype:web-application-activity sid:886
		LogAs="SID887"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/www-sql"'	$Tail	# '"WEB-CGI www-sql access"' nocase-ignored url,marc.theaimsgroup.com/?l=bugtraq&m=88704258804054&w=2 classtype:attempted-recon sid:887
		LogAs="SID888"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/wwwadmin.pl"'	$Tail	# '"WEB-CGI wwwadmin.pl access"' nocase-ignored classtype:attempted-recon sid:888
		LogAs="SID889"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/ppdscgi.exe"'	$Tail	# '"WEB-CGI ppdscgi.exe access"' nocase-ignored bugtraq,491 url,online.securityfocus.com/archive/1/16878 classtype:attempted-recon sid:889
		LogAs="SID890"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/sendform.cgi"'	$Tail	# '"WEB-CGI sendform.cgi access"' nocase-ignored cve,CAN-2002-0710 bugtraq,5286 url,www.scn.org/help/sendform.txt classtype:attempted-recon sid:890
		LogAs="SID891"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/upload.pl"'	$Tail	# '"WEB-CGI upload.pl access"' nocase-ignored classtype:attempted-recon sid:891
		LogAs="SID892"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/AnyForm2"'	$Tail	# '"WEB-CGI AnyForm2 access"' nocase-ignored bugtraq,719 cve,CVE-1999-0066 classtype:attempted-recon sid:892
		LogAs="SID893"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/MachineInfo"'	$Tail	# '"WEB-CGI MachineInfo access"' nocase-ignored cve,CAN-1999-1067 classtype:attempted-recon sid:893
		LogAs="SID1531"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/bb-hist.sh?HISTFILE=../.."'	$Tail	# '"WEB-CGI bb-hist.sh attempt"' nocase-ignored nessus,10025 cve,CAN-1999-1462 bugtraq,142 classtype:web-application-attack sid:1531
		LogAs="SID894"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/bb-hist.sh"'	$Tail	# '"WEB-CGI bb-hist.sh access"' nocase-ignored nessus,10025 cve,CAN-1999-1462 bugtraq,142 classtype:attempted-recon sid:894
		LogAs="SID1459"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/bb-histlog.sh"'	$Tail	# '"WEB-CGI bb-histlog.sh access"' nocase-ignored bugtraq,142 cve,CAN-1999-1462 classtype:attempted-recon sid:1459
		LogAs="SID1460"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/bb-histsvc.sh"'	$Tail	# '"WEB-CGI bb-histsvc.sh access"' nocase-ignored bugtraq,142 cve,CAN-1999-1462 classtype:attempted-recon sid:1460
		LogAs="SID1532"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/bb-hostsvc.sh?HOSTSVC?../.."'	$Tail	# '"WEB-CGI bb-hostscv.sh attempt"' nocase-ignored nessus,10460 cve,CVE-2000-0638 classtype:web-application-attack sid:1532
		LogAs="SID1533"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/bb-hostsvc.sh"'	$Tail	# '"WEB-CGI bb-hostscv.sh access"' nocase-ignored nessus,10460 cve,CVE-2000-0638 classtype:web-application-activity sid:1533
		LogAs="SID1461"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/bb-rep.sh"'	$Tail	# '"WEB-CGI bb-rep.sh access"' nocase-ignored bugtraq,142 cve,CAN-1999-1462 classtype:attempted-recon sid:1461
		LogAs="SID1462"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/bb-replog.sh"'	$Tail	# '"WEB-CGI bb-replog.sh access"' nocase-ignored bugtraq,142 cve,CAN-1999-1462 classtype:attempted-recon sid:1462
		LogAs="SID895"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/redirect"'	$Tail	# '"WEB-CGI redirect access"' nocase-ignored bugtraq,1179 cve,CVE-2000-0382 classtype:attempted-recon sid:895
		LogAs="SID1397"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/way-board/way-board.cgi"' --string '"db="' --string '"../.."'	$Tail	# '"WEB-CGI wayboard attempt"' nocase-ignored bugtraq,2370 cve,CAN-2001-0214 classtype:web-application-attack sid:1397
		LogAs="SID896"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/way-board"'	$Tail	# '"WEB-CGI way-board access"' nocase-ignored bugtraq,2370 cve,CAN-2001-0214 nessus,10610 classtype:web-application-activity sid:896
		LogAs="SID1222"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/pals-cgi"' --string '"documentName="'	$Tail	# '"WEB-CGI pals-cgi arbitrary file access attempt"' nocase-ignored classtype:web-application-attack cve,CAN-2001-0217 bugtraq,2372 nessus,10611 sid:1222
		LogAs="SID897"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/pals-cgi"'	$Tail	# '"WEB-CGI pals-cgi access"' nocase-ignored cve,CAN-2001-0216 cve,CAN-2001-0217 bugtraq,2372 nessus,10611 classtype:attempted-recon sid:897
		LogAs="SID1572"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/commerce.cgi"' --string '"page="' --string '"/../"'	$Tail	# '"WEB-CGI commerce.cgi arbitrary file access attempt"' nocase-ignored nessus,10612 bugtraq,2361 cve,CAN-2001-0210 classtype:attempted-recon sid:1572
		LogAs="SID898"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/commerce.cgi"'	$Tail	# '"WEB-CGI commerce.cgi access"' nocase-ignored nessus,10612 bugtraq,2361 cve,CAN-2001-0210 classtype:attempted-recon sid:898
		LogAs="SID899"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/sendtemp.pl"' --string '"templ="'	$Tail	# '"WEB-CGI Amaya templates sendtemp.pl directory traversal attempt"' nocase-ignored nocase-ignored bugtraq,2504 cve,CAN-2001-0272 classtype:web-application-attack sid:899
		LogAs="SID1702"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/sendtemp.pl"'	$Tail	# '"WEB-CGI Amaya templates sendtemp.pl access"' nocase-ignored bugtraq,2504 cve,CAN-2001-0272 classtype:web-application-activity sid:1702
		LogAs="SID900"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/webspirs.cgi"' --string '"../../"'	$Tail	# '"WEB-CGI webspirs.cgi directory traversal attempt"' nocase-ignored nocase-ignored cve,CAN-2001-0211 bugtraq,2362 nessus,10616 classtype:web-application-attack sid:900
		LogAs="SID901"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/webspirs.cgi"'	$Tail	# '"WEB-CGI webspirs.cgi access"' nocase-ignored cve,CAN-2001-0211 bugtraq,2362 nessus,10616 classtype:attempted-recon sid:901
		LogAs="SID902"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"tstisapi.dll"'	$Tail	# '"WEB-CGI tstisapi.dll access"' nocase-ignored cve,CAN-2001-0302 classtype:attempted-recon sid:902
		LogAs="SID1308"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/sendmessage.cgi"'	$Tail	# '"WEB-CGI sendmessage.cgi access"' nocase-ignored classtype:attempted-recon sid:1308
		LogAs="SID1392"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/lastlines.cgi"'	$Tail	# '"WEB-CGI lastlines.cgi access"' nocase-ignored bugtraq,3755 bugtraq,3754 classtype:attempted-recon sid:1392
		LogAs="SID1395"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/zml.cgi"' --string '"file=../"'	$Tail	# '"WEB-CGI zml.cgi attempt"' cve,CAN-2001-1209 bugtraq,3759 classtype:web-application-activity sid:1395
		LogAs="SID1396"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/zml.cgi"'	$Tail	# '"WEB-CGI zml.cgi access"' cve,CAN-2001-1209 bugtraq,3759 classtype:web-application-activity sid:1396
		LogAs="SID1405"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/publisher/search.cgi"' --string '"template="'	$Tail	# '"WEB-CGI AHG search.cgi access"' nocase-ignored nocase-ignored bugtraq,3985 classtype:web-application-activity sid:1405
		LogAs="SID1534"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/store/agora.cgi?cart_id=<SCRIPT>"'	$Tail	# '"WEB-CGI agora.cgi attempt"' nocase-ignored nessus,10836 cve,CAN-2001-1199 bugtraq,3976 classtype:web-application-attack sid:1534
		LogAs="SID1406"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/store/agora.cgi"'	$Tail	# '"WEB-CGI agora.cgi access"' nocase-ignored nessus,10836 cve,CAN-2001-1199 bugtraq,3976 classtype:web-application-activity sid:1406
		LogAs="SID877"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/rksh"'	$Tail	# '"WEB-CGI rksh access"' nocase-ignored url,www.cert.org/advisories/CA-1996-11.html cve,CAN-1999-0509 classtype:attempted-recon sid:877
		LogAs="SID885"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/bash"'	$Tail	# '"WEB-CGI bash access"' nocase-ignored cve,CAN-1999-0509 url,www.cert.org/advisories/CA-1996-11.html classtype:web-application-activity sid:885
		LogAs="SID1648"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/perl.exe?"'	$Tail	# '"WEB-CGI perl.exe command attempt"' nocase-ignored cve,CAN-1999-0509 url,www.cert.org/advisories/CA-1996-11.html arachnids,219 nessus,10173 classtype:attempted-recon sid:1648
		LogAs="SID832"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/perl.exe"'	$Tail	# '"WEB-CGI perl.exe access"' nocase-ignored cve,CAN-1999-0509 url,www.cert.org/advisories/CA-1996-11.html arachnids,219 nessus,10173 classtype:attempted-recon sid:832
		LogAs="SID1649"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/perl?"'	$Tail	# '"WEB-CGI perl command attempt"' nocase-ignored cve,CAN-1999-0509 url,www.cert.org/advisories/CA-1996-11.html arachnids,219 nessus,10173 classtype:attempted-recon sid:1649
		LogAs="SID1309"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/zsh"'	$Tail	# '"WEB-CGI zsh access"' nocase-ignored url,www.cert.org/advisories/CA-1996-11.html cve,CAN-1999-0509 classtype:attempted-recon sid:1309
		LogAs="SID862"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/csh"'	$Tail	# '"WEB-CGI csh access"' nocase-ignored url,www.cert.org/advisories/CA-1996-11.html cve,CAN-1999-0509 classtype:attempted-recon sid:862
		LogAs="SID872"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/tcsh"'	$Tail	# '"WEB-CGI tcsh access"' nocase-ignored url,www.cert.org/advisories/CA-1996-11.html cve,CAN-1999-0509 classtype:attempted-recon sid:872
		LogAs="SID868"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/rsh"'	$Tail	# '"WEB-CGI rsh access"' nocase-ignored cve,CAN-1999-0509 url,www.cert.org/advisories/CA-1996-11.html classtype:attempted-recon sid:868
		LogAs="SID865"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/ksh"'	$Tail	# '"WEB-CGI ksh access"' nocase-ignored url,www.cert.org/advisories/CA-1996-11.html cve,CAN-1999-0509 classtype:attempted-recon sid:865
		LogAs="SID1703"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/auktion.cgi"' --string '"menue=../../"'	$Tail	# '"WEB-CGI auktion.cgi directory traversal attempt"' nocase-ignored nocase-ignored nessus,10638 bugtraq,2367 cve,CAN-2001-0212 classtype:web-application-attack sid:1703
		LogAs="SID1465"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/auktion.cgi"'	$Tail	# '"WEB-CGI auktion.cgi access"' nocase-ignored nessus,10638 bugtraq,2367 cve,CAN-2001-0212 classtype:web-application-activity sid:1465
		LogAs="SID1573"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/cgiforum.pl?thesection=../.."'	$Tail	# '"WEB-CGI cgiforum.pl attempt"' nocase-ignored nessus,10552 bugtraq,1963 cve,CVE-2000-1171 classtype:web-application-attack sid:1573
		LogAs="SID1466"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/cgiforum.pl"'	$Tail	# '"WEB-CGI cgiforum.pl access"' nocase-ignored nessus,10552 bugtraq,1963 cve,CVE-2000-1171 classtype:web-application-activity sid:1466
		LogAs="SID1574"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/directorypro.cgi"' --string '"show="' --string '"../.."'	$Tail	# '"WEB-CGI directorypro.cgi attempt"' nocase-ignored cve,CAN-2001-0780 classtype:web-application-attack sid:1574
		LogAs="SID1467"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/directorypro.cgi"'	$Tail	# '"WEB-CGI directorypro.cgi access"' nocase-ignored cve,CAN-2001-0780 classtype:web-application-activity sid:1467
		LogAs="SID1468"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/shopper.cgi"' --string '"newpage=../"'	$Tail	# '"WEB-CGI Web Shopper shopper.cgi attempt"' nocase-ignored nocase-ignored cve,CVE-2000-0922 bugtraq,1776 classtype:web-application-attack sid:1468
		LogAs="SID1469"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/shopper.cgi"'	$Tail	# '"WEB-CGI Web Shopper shopper.cgi access"' nocase-ignored cve,CVE-2000-0922 bugtraq,1776 classtype:attempted-recon sid:1469
		LogAs="SID1470"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/listrec.pl"'	$Tail	# '"WEB-CGI listrec.pl access"' nocase-ignored cve,CAN-2001-0997 classtype:attempted-recon sid:1470
		LogAs="SID1471"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/mailnews.cgi"'	$Tail	# '"WEB-CGI mailnews.cgi access"' nocase-ignored cve,CAN-2001-0271 classtype:attempted-recon sid:1471
		LogAs="SID1472"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/book.cgi"'	$Tail	# '"WEB-CGI book.cgi access"' nocase-ignored cve,CVE-2001-1114 bugtraq,3178 nessus,10721 classtype:web-application-activity sid:1472
		LogAs="SID1473"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/newsdesk.cgi"'	$Tail	# '"WEB-CGI newsdesk.cgi access"' nocase-ignored cve,CAN-2001-0232 classtype:attempted-recon sid:1473
		LogAs="SID1704"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/cal_make.pl"' --string '"p0=../../"'	$Tail	# '"WEB-CGI cal_make.pl directory traversal attempt"' nocase-ignored nocase-ignored cve,CVE-2001-0463 bugtraq,2663 classtype:web-application-attack sid:1704
		LogAs="SID1474"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/cal_make.pl"'	$Tail	# '"WEB-CGI cal_make.pl access"' nocase-ignored cve,CVE-2001-0463 bugtraq,2663 classtype:web-application-activity sid:1474
		LogAs="SID1475"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/mailit.pl"'	$Tail	# '"WEB-CGI mailit.pl access"' nocase-ignored classtype:attempted-recon sid:1475
		LogAs="SID1476"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/sdbsearch.cgi"'	$Tail	# '"WEB-CGI sdbsearch.cgi access"' nocase-ignored cve,CAN-2001-1130 classtype:attempted-recon sid:1476
		LogAs="SID1478"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/swc"'	$Tail	# '"WEB-CGI swc access"' nocase-ignored classtype:attempted-recon sid:1478
		LogAs="SID1479"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/ttawebtop.cgi"' --string '"pg=../"'	$Tail	# '"WEB-CGI ttawebtop.cgi arbitrary file attempt"' nocase-ignored nocase-ignored cve,CVE-2001-0805 bugtraq,2890 nessus,10696 classtype:web-application-attack sid:1479
		LogAs="SID1480"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/ttawebtop.cgi"'	$Tail	# '"WEB-CGI ttawebtop.cgi access"' nocase-ignored cve,CVE-2001-0805 bugtraq,2890 nessus,10696 bugtraq,2890 classtype:attempted-recon sid:1480
		LogAs="SID1481"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/upload.cgi"'	$Tail	# '"WEB-CGI upload.cgi access"' nocase-ignored nessus,10290 classtype:attempted-recon sid:1481
		LogAs="SID1482"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/view_source"'	$Tail	# '"WEB-CGI view_source access"' nocase-ignored nessus,10294 classtype:attempted-recon sid:1482
		LogAs="SID1730"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/ustorekeeper.pl"' --string '"file=../../"'	$Tail	# '"WEB-CGI ustorekeeper.pl directory traversal attempt"' nocase-ignored nocase-ignored cve,CAN-2001-0466 nessus,10645 classtype:web-application-attack sid:1730
		LogAs="SID1483"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/ustorekeeper.pl"'	$Tail	# '"WEB-CGI ustorekeeper.pl access"' nocase-ignored cve,CAN-2001-0466 nessus,10646 classtype:web-application-activity sid:1483
		LogAs="SID1606"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/icat"'	$Tail	# '"WEB-CGI icat access"' classtype:web-application-activity cve,CAN-1999-1069 sid:1606
		LogAs="SID1617"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/doeditvotes.cgi"'	$Tail	# '"WEB-CGI Bugzilla doeditvotes.cgi access"' classtype:web-application-activity cve,CAN-2002-0011 sid:1617
		LogAs="SID1600"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/htsearch?-c"'	$Tail	# '"WEB-CGI htsearch arbitrary configuration file attempt"' nocase-ignored classtype:web-application-attack cve,CVE-2000-0208 sid:1600
		LogAs="SID1601"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/htsearch?exclude=`"'	$Tail	# '"WEB-CGI htsearch arbitrary file read attempt"' nocase-ignored classtype:web-application-attack bugtraq,1026 cve,CVE-2000-0208 sid:1601
		LogAs="SID1602"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/htsearch"'	$Tail	# '"WEB-CGI htsearch access"' nocase-ignored classtype:web-application-activity cve,CVE-2000-0208 sid:1602
		LogAs="SID1501"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/a1disp3.cgi?/../../"'	$Tail	# '"WEB-CGI a1stats a1disp3.cgi directory traversal attempt"' nessus,10669 cve,CAN-2001-0561 classtype:web-application-attack sid:1501
		LogAs="SID1502"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/a1disp3.cgi"'	$Tail	# '"WEB-CGI a1stats a1disp3.cgi access"' nessus,10669 cve,CAN-2001-0561 classtype:web-application-activity sid:1502
		LogAs="SID1731"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/a1stats/"'	$Tail	# '"WEB-CGI a1stats access"' nessus,10669 cve,CAN-2001-0561 classtype:web-application-activity sid:1731
		LogAs="SID1503"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/admentor/admin/admin.asp"'	$Tail	# '"WEB-CGI admentor admin.asp access"' nessus,10880 cve,CAN-2002-0308 bugtraq,4152 url,www.securiteam.com/windowsntfocus/5DP0N1F6AW.html classtype:web-application-activity sid:1503
		LogAs="SID1505"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/PRN/../../"'	$Tail	# '"WEB-CGI alchemy http server PRN arbitrary command execution attempt"' classtype:web-application-activity cve,CAN-2001-0871 sid:1505
		LogAs="SID1506"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/NUL/../../"'	$Tail	# '"WEB-CGI alchemy http server NUL arbitrary command execution attempt"' classtype:web-application-activity cve,CAN-2001-0871 sid:1506
		LogAs="SID1508"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/alibaba.pl"'	$Tail	# '"WEB-CGI alibaba.pl access"' classtype:web-application-activity cve ,CAN-1999-0885 sid:1508
		LogAs="SID1509"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/query?mss=.."'	$Tail	# '"WEB-CGI AltaVista Intranet Search directory traversal attempt"' classtype:web-application-attack cve,CVE-2000-0039 nessus,10015 sid:1509
		LogAs="SID1511"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/test.bat"'	$Tail	# '"WEB-CGI test.bat access"' classtype:web-application-activity nessus,10016 cve,CVE-1999-0947 sid:1511
		LogAs="SID1513"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/input.bat"'	$Tail	# '"WEB-CGI input.bat access"' classtype:web-application-activity nessus,10016 cve,CVE-1999-0947 sid:1513
		LogAs="SID1515"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/input2.bat"'	$Tail	# '"WEB-CGI input2.bat access"' classtype:web-application-activity nessus,10016 cve,CVE-1999-0947 sid:1515
		LogAs="SID1517"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/envout.bat"'	$Tail	# '"WEB-CGI envout.bat access"' classtype:web-application-activity nessus,10016 cve,CVE-1999-0947 sid:1517
		LogAs="SID1705"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/echo.bat"' --string '"&"'	$Tail	# '"WEB-CGI echo.bat arbitrary command execution attempt"' nessus,10246 cve,CAN-2000-0213 classtype:web-application-attack sid:1705
		LogAs="SID1706"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/echo.bat"'	$Tail	# '"WEB-CGI echo.bat access"' nessus,10246 cve,CAN-2000-0213 classtype:web-application-activity sid:1706
		LogAs="SID1707"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/hello.bat"' --string '"&"'	$Tail	# '"WEB-CGI hello.bat arbitrary command execution attempt"' nessus,10246 cve,CAN-2000-0213 classtype:web-application-attack sid:1707
		LogAs="SID1708"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/hello.bat"'	$Tail	# '"WEB-CGI hello.bat access"' nessus,10246 cve,CAN-2000-0213 classtype:web-application-activity sid:1708
		LogAs="SID1650"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/tst.bat"'	$Tail	# '"WEB-CGI tst.bat access"' classtype:web-application-activity cve,CAN-1999-0885 bugtraq,770 sid:1650
		LogAs="SID1539"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/cgi-bin/ls"'	$Tail	# '"WEB-CGI /cgi-bin/ls access"' nocase-ignored cve,CAN-2000-0079 bugtraq,936 classtype:web-application-activity sid:1539
		LogAs="SID1542"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/cgimail"'	$Tail	# '"WEB-CGI cgimail access"' nocase-ignored cve,CVE-2000-0726 classtype:web-application-activity sid:1542
		LogAs="SID1543"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/cgiwrap"'	$Tail	# '"WEB-CGI cgiwrap access"' nocase-ignored nessus,10041 cve,CVE-1999-1530 cve,CVE-2000-0431 cve,CVE-2001-0987 classtype:web-application-activity sid:1543
		LogAs="SID1547"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/csSearch.cgi"' --string '"setup="' --string '"`"' --string '"`"'	$Tail	# '"WEB-CGI csSearch.cgi arbitrary command execution attempt"' bugtraq,4368 nessus,10924 cve,CAN-2002-0495 classtype:web-application-attack sid:1547
		LogAs="SID1548"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/csSearch.cgi"'	$Tail	# '"WEB-CGI csSearch.cgi access"' bugtraq,4368 nessus,10924 cve,CAN-2002-0495 classtype:web-application-activity sid:1548
		LogAs="SID1553"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/cart/cart.cgi"'	$Tail	# '"WEB-CGI /cart/cart.cgi access"' cve,CVE-2000-0252 classtype:web-application-activity sid:1553
		LogAs="SID1554"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/dbman/db.cgi"'	$Tail	# '"WEB-CGI dbman db.cgi access"' cve,CVE-2000-0381 nessus,10403 classtype:web-application-activity sid:1554
		LogAs="SID1555"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/dcshop"'	$Tail	# '"WEB-CGI DCShop access"' nocase-ignored cve,CAN-2001-0821 classtype:web-application-activity sid:1555
		LogAs="SID1556"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/orders/orders.txt"'	$Tail	# '"WEB-CGI DCShop orders.txt access"' nocase-ignored cve,CAN-2001-0821 classtype:web-application-activity sid:1556
		LogAs="SID1557"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/auth_data/auth_user_file.txt"'	$Tail	# '"WEB-CGI DCShop auth_user_file.txt access"' nocase-ignored cve,CAN-2001-0821 classtype:web-application-activity sid:1557
		LogAs="SID1566"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/eshop.pl"'	$Tail	# '"WEB-CGI eshop.pl access"' nocase-ignored cve,CAN-2001-1014 classtype:web-application-activity sid:1566
		LogAs="SID1569"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/loadpage.cgi"' --string '"file=../"'	$Tail	# '"WEB-CGI loadpage.cgi directory traversal attempt"' nocase-ignored classtype:web-application-attack sid:1569
		LogAs="SID1570"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/loadpage.cgi"'	$Tail	# '"WEB-CGI loadpage.cgi access"' nocase-ignored classtype:web-application-activity sid:1570
		LogAs="SID1590"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/faqmanager.cgi?toc="' --string '"%00"'	$Tail	# '"WEB-CGI faqmanager.cgi arbitrary file access attempt"' nocase-ignored nessus,10837 classtype:web-application-attack bugtraq,3810 sid:1590
		LogAs="SID1591"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/faqmanager.cgi"'	$Tail	# '"WEB-CGI faqmanager.cgi access"' nocase-ignored classtype:web-application-activity nessus,10837 bugtraq,3810 sid:1591
		LogAs="SID1592"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/fcgi-bin/echo.exe"'	$Tail	# '"WEB-CGI /fcgi-bin/echo.exe access"' nocase-ignored nessus,10838 classtype:web-application-activity sid:1592
		LogAs="SID1628"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/FormHandler.cgi"' --string '"reply_message_attach="' --string '"/../"'	$Tail	# '"WEB-CGI FormHandler.cgi directory traversal attempt attempt"' nocase-ignored nocase-ignored nessus,10075 cve,CAN-1999-1050 classtype:web-application-attack sid:1628
		LogAs="SID1593"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/FormHandler.cgi"' --string '"redirect=http"'	$Tail	# '"WEB-CGI FormHandler.cgi external site redirection attempt"' nocase-ignored nessus,10075 cve,CAN-1999-1050 classtype:web-application-attack sid:1593
		LogAs="SID1594"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/FormHandler.cgi"'	$Tail	# '"WEB-CGI FormHandler.cgi access"' nocase-ignored classtype:web-application-activity nessus,10075 cve,CAN-1999-1050 sid:1594
		LogAs="SID1597"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/guestbook.cgi"'	$Tail	# '"WEB-CGI guestbook.cgi access"' nocase-ignored classtype:web-application-activity nessus,10098 cve,CVE-1999-0237 sid:1597
		LogAs="SID1598"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/search.cgi"' --string '"letter=../.."'	$Tail	# '"WEB-CGI Home Free search.cgi directory traversal attempt"' nocase-ignored classtype:web-application-attack cve,CAN-2000-0054 bugtraq,921 sid:1598
		LogAs="SID1599"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/search.cgi"'	$Tail	# '"WEB-CGI search.cgi access"' nocase-ignored classtype:web-application-activity cve,CAN-2000-0054 bugtraq,921 sid:1599
		LogAs="SID1651"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/enivron.pl"'	$Tail	# '"WEB-CGI enivorn.pl access"' nocase-ignored classtype:web-application-activity sid:1651
		LogAs="SID1652"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/campus?%0a"'	$Tail	# '"WEB-CGI campus attempt"' nocase-ignored classtype:web-application-attack sid:1652
		LogAs="SID1653"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/campus"'	$Tail	# '"WEB-CGI campus access"' nocase-ignored classtype:web-application-activity sid:1653
		LogAs="SID1654"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/cart32.exe"'	$Tail	# '"WEB-CGI cart32.exe access"' nocase-ignored classtype:web-application-activity sid:1654
		LogAs="SID1655"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/pfdispaly.cgi?'"'	$Tail	# '"WEB-CGI pfdispaly.cgi arbitrary command execution attempt"' nocase-ignored classtype:web-application-attack sid:1655
		LogAs="SID1656"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/pfdispaly.cgi"'	$Tail	# '"WEB-CGI pfdispaly.cgi access"' nocase-ignored classtype:web-application-activity sid:1656
		LogAs="SID1657"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/pagelog.cgi"' --string '"name=../"'	$Tail	# '"WEB-CGI pagelog.cgi directory traversal attempt"' nocase-ignored nocase-ignored nessus,10591 cve,CAN-2000-0940 bugtraq,1864 classtype:web-application-activity sid:1657
		LogAs="SID1658"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/pagelog.cgi"'	$Tail	# '"WEB-CGI pagelog.cgi access"' nocase-ignored cve,CAN-2000-0940 bugtraq,1864 nessus,10591 classtype:web-application-activity sid:1658
		LogAs="SID1709"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/ad.cgi"'	$Tail	# '"WEB-CGI ad.cgi access"' nocase-ignored classtype:web-application-activity sid:1709
		LogAs="SID1710"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/bbs_forum.cgi"'	$Tail	# '"WEB-CGI bbs_forum.cgi access"' nocase-ignored classtype:web-application-activity sid:1710
		LogAs="SID1711"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/bsguest.cgi"'	$Tail	# '"WEB-CGI bsguest.cgi access"' nocase-ignored classtype:web-application-activity sid:1711
		LogAs="SID1712"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/bslist.cgi"'	$Tail	# '"WEB-CGI bslist.cgi access"' nocase-ignored classtype:web-application-activity sid:1712
		LogAs="SID1713"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/cgforum.cgi"'	$Tail	# '"WEB-CGI cgforum.cgi access"' nocase-ignored classtype:web-application-activity sid:1713
		LogAs="SID1714"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/newdesk"'	$Tail	# '"WEB-CGI newdesk access"' nocase-ignored classtype:web-application-activity sid:1714
		LogAs="SID1715"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/register.cgi"'	$Tail	# '"WEB-CGI register.cgi access"' nocase-ignored classtype:web-application-activity sid:1715
		LogAs="SID1716"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/gbook.cgi"'	$Tail	# '"WEB-CGI gbook.cgi access"' nocase-ignored cve,CVE-2000-1131 classtype:web-application-activity sid:1716
		LogAs="SID1717"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/simplestguest.cgi"'	$Tail	# '"WEB-CGI simplestguest.cgi access"' nocase-ignored classtype:web-application-activity sid:1717
		LogAs="SID1718"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/statusconfig.pl"'	$Tail	# '"WEB-CGI statusconfig.pl access"' nocase-ignored classtype:web-application-activity sid:1718
		LogAs="SID1719"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/talkbalk.cgi"' --string '"article=../../"'	$Tail	# '"WEB-CGI talkback.cgi directory traversal attempt"' nocase-ignored nocase-ignored classtype:web-application-attack sid:1719
		LogAs="SID1720"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/talkbalk.cgi"'	$Tail	# '"WEB-CGI talkback.cgi access"' nocase-ignored classtype:web-application-activity sid:1720
		LogAs="SID1721"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/adcycle"'	$Tail	# '"WEB-CGI adcycle access"' nocase-ignored classtype:web-application-activity sid:1721
		LogAs="SID1722"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/MachineInfo"'	$Tail	# '"WEB-CGI MachineInfo access"' nocase-ignored classtype:web-application-activity sid:1722
		LogAs="SID1723"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/emumail.cgi"' --string '"type="' --string '"%00"'	$Tail	# '"WEB-CGI emumail.cgi NULL attempt"' nocase-ignored cve,CAN-2002-1526 classtype:web-application-activity sid:1723
		LogAs="SID1724"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/emumail.cgi"'	$Tail	# '"WEB-CGI emumail.cgi access"' nocase-ignored cve,CAN-2002-1526 classtype:web-application-activity sid:1724
		LogAs="SID1642"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/document.d2w"'	$Tail	# '"WEB-CGI document.d2w access"' cve,CAN-2000-1110 bugtraq,2017 classtype:web-application-activity sid:1642
		LogAs="SID1643"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/db2www"'	$Tail	# '"WEB-CGI db2www access"' cve,CVE-2000-0677 classtype:web-application-activity sid:1643
		LogAs="SID1668"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/cgi-bin/"' --string '"/cgi-bin/ HTTP"'	$Tail	# '"WEB-CGI /cgi-bin/ access"' nocase-ignored classtype:web-application-attack sid:1668
		LogAs="SID1669"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/cgi-dos/"' --string '"/cgi-dos/ HTTP"'	$Tail	# '"WEB-CGI /cgi-dos/ access"' nocase-ignored classtype:web-application-attack sid:1669
		LogAs="SID1051"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/technote/main.cgi"' --string '"filename="' --string '"../../"'	$Tail	# '"WEB-CGI technote main.cgi file directory traversal attempt"' nocase-ignored nocase-ignored cve,CVE-2001-0075 bugtraq,2156 classtype:web-application-attack sid:1051
		LogAs="SID1052"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/technote/print.cgi"' --string '"board="' --string '"../../"' --string '"%00"'	$Tail	# '"WEB-CGI technote print.cgi directory traversal attempt"' nocase-ignored nocase-ignored cve,CAN-2001-0075 bugtraq,2156 classtype:web-application-attack sid:1052
		LogAs="SID1088"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/web_store.cgi"' --string '"page=../"'	$Tail	# '"WEB-CGI eXtropia webstore directory traversal"' bugtraq,1774 cve,CVE-2000-1005 classtype:web-application-attack sid:1088
		LogAs="SID1611"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/web_store.cgi"'	$Tail	# '"WEB-CGI eXtropia webstore access"' bugtraq,1774 cve,CVE-2000-1005 classtype:web-application-activity sid:1611
		LogAs="SID1089"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/shop.cgi"' --string '"page=../"'	$Tail	# '"WEB-CGI shopping cart directory traversal"' bugtraq,1777 classtype:web-application-attack sid:1089
		LogAs="SID1090"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/authenticate.cgi?PASSWORD"' --string '"config.ini"'	$Tail	# '"WEB-CGI Allaire Pro Web Shell attempt"' classtype:web-application-attack sid:1090
		LogAs="SID1092"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/search.cgi?keys"' --string '"catigory=../"'	$Tail	# '"WEB-CGI Armada Style Master Index directory traversal"' classtype:web-application-attack sid:1092
		LogAs="SID1093"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/cached_feed.cgi"' --string '"../"'	$Tail	# '"WEB-CGI cached_feed.cgi moreover shopping cart directory traversal"' cve,CAN-2000-0906 bugtraq,1762 classtype:web-application-attack sid:1093
		LogAs="SID2051"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/cached_feed.cgi"'	$Tail	# '"WEB-CGI cached_feed.cgi moreover shopping cart access"' cve,CAN-2000-0906 bugtraq,1762 classtype:web-application-activity sid:2051
		LogAs="SID1097"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/webplus.cgi?Script=/webplus/webping/webping.wml"'	$Tail	# '"WEB-CGI Talentsoft Web+ exploit attempt"' bugtraq,1725 classtype:web-application-attack sid:1097
		LogAs="SID1106"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/pollit/Poll_It_SSI_v2.0.cgi"'	$Tail	# '"WEB-CGI Poll-it access"' nocase-ignored cve,CAN-2000-0590 bugtraq,1431 classtype:web-application-activity sid:1106
		LogAs="SID1149"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/count.cgi"'	$Tail	# '"WEB-CGI count.cgi access"' nocase-ignored bugtraq,128 cve,CVE-1999-0021 nessus,10049 classtype:web-application-activity sid:1149
		LogAs="SID1163"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/webdist.cgi"'	$Tail	# '"WEB-CGI webdist.cgi access"' nocase-ignored bugtraq,374 cve,CVE-1999-0039 nessus,10299 classtype:web-application-activity sid:1163
		LogAs="SID1172"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/bigconf.cgi"'	$Tail	# '"WEB-CGI bigconf.cgi access"' nocase-ignored nessus,10027 bugtraq,778 cve,CVE-1999-1550 classtype:web-application-activity sid:1172
		LogAs="SID1174"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/cgi-bin/jj"'	$Tail	# '"WEB-CGI /cgi-bin/jj access"' nocase-ignored bugtraq,2002 cve,CVE-1999-0260 classtype:web-application-activity sid:1174
		LogAs="SID1185"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/bizdb1-search.cgi"' --string '"mail"'	$Tail	# '"WEB-CGI bizdbsearch attempt"' nocase-ignored nocase-ignored cve,CAN-2000-0287 bugtraq,1104 classtype:web-application-attack sid:1185
		LogAs="SID1535"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/bizdb1-search.cgi"'	$Tail	# '"WEB-CGI bizdbsearch access"' nocase-ignored cve,CAN-2000-0287 bugtraq,1104 classtype:web-application-activity sid:1535
		LogAs="SID1194"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/sojourn.cgi?cat="' --string '"%00"'	$Tail	# '"WEB-CGI sojourn.cgi File attempt"' nocase-ignored bugtraq,1052 cve,CAN-2000-0180 classtype:web-application-attack sid:1194
		LogAs="SID1195"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/sojourn.cgi"'	$Tail	# '"WEB-CGI sojourn.cgi access"' nocase-ignored bugtraq,1052 cve,CAN-2000-0180 classtype:web-application-activity sid:1195
		LogAs="SID1196"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/infosrch.cgi?"' --string '"fname="'	$Tail	# '"WEB-CGI SGI InfoSearch fname attempt"' nocase-ignored bugtraq,1031 arachnids,290 cve,CVE-2000-0207 classtype:web-application-attack sid:1196
		LogAs="SID1727"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/infosrch.cgi"'	$Tail	# '"WEB-CGI SGI InfoSearch fname access"' bugtraq,1031 arachnids,290 cve,CVE-2000-0207 classtype:web-application-activity sid:1727
		LogAs="SID1204"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/ax-admin.cgi"'	$Tail	# '"WEB-CGI ax-admin.cgi access"' classtype:web-application-activity sid:1204
		LogAs="SID1205"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/axs.cgi"'	$Tail	# '"WEB-CGI axs.cgi access"' classtype:web-application-activity sid:1205
		LogAs="SID1206"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/cachemgr.cgi"'	$Tail	# '"WEB-CGI cachemgr.cgi access"' cve,CVE-1999-0710 nessus,10034 classtype:web-application-activity sid:1206
		LogAs="SID1208"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/responder.cgi"'	$Tail	# '"WEB-CGI responder.cgi access"' classtype:web-application-activity sid:1208
		LogAs="SID1211"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/web-map.cgi"'	$Tail	# '"WEB-CGI web-map.cgi access"' classtype:web-application-activity sid:1211
		LogAs="SID1215"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/ministats/admin.cgi"'	$Tail	# '"WEB-CGI ministats admin access"' nocase-ignored classtype:web-application-activity sid:1215
		LogAs="SID1219"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/dfire.cgi"'	$Tail	# '"WEB-CGI dfire.cgi access"' nocase-ignored cve,CAN-1999-0913 classtype:web-application-activity sid:1219
		LogAs="SID1305"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/txt2html.cgi"' --string '"/../../../../"'	$Tail	# '"WEB-CGI txt2html.cgi directory traversal attempt"' nocase-ignored classtype:web-application-attack sid:1305
		LogAs="SID1304"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/txt2html.cgi"'	$Tail	# '"WEB-CGI txt2html.cgi access"' nocase-ignored classtype:web-application-activity sid:1304
		LogAs="SID1488"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/store.cgi"' --string '"../"'	$Tail	# '"WEB-CGI store.cgi directory traversal attempt"' nocase-ignored nessus,10639 bugtraq,2385 cve,CAN-2001-0305 classtype:web-application-attack sid:1488
		LogAs="SID1307"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/store.cgi"'	$Tail	# '"WEB-CGI store.cgi access"' nocase-ignored nessus,10639 bugtraq,2385 cve,CAN-2001-0305 classtype:web-application-activity sid:1307
		LogAs="SID1494"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/generate.cgi"' --string '"content=../"'	$Tail	# '"WEB-CGI SIX webboard generate.cgi attempt"' cve,CAN-2001-1115 bugtraq,3175 classtype:web-application-attack sid:1494
		LogAs="SID1495"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/generate.cgi"'	$Tail	# '"WEB-CGI SIX webboard generate.cgi access"' cve,CAN-2001-1115 bugtraq,3175 classtype:web-application-activity sid:1495
		LogAs="SID1496"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/spin_client.cgi"'	$Tail	# '"WEB-CGI spin_client.cgi access"' classtype:web-application-activity sid:1496
		LogAs="SID1787"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/csPassword.cgi"'	$Tail	# '"WEB-CGI csPassword.cgi access"' bugtraq,4885 bugtraq,4886 bugtraq,4887 bugtraq,4889 classtype:web-application-activity sid:1787
		LogAs="SID1788"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/password.cgi.tmp"'	$Tail	# '"WEB-CGI csPassword password.cgi.tmp access"' bugtraq,4889 classtype:web-application-activity sid:1788
		LogAs="SID1763"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/cgiproc?Nocfile="'	$Tail	# '"WEB-CGI Nortel Contivity cgiproc DOS attempt"' nessus,10160 bugtraq,938 cve,CVE-2000-0064 cve,CVE-2000-0063 classtype:web-application-attack sid:1763
		LogAs="SID1764"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/cgiproc?$"'	$Tail	# '"WEB-CGI Nortel Contivity cgiproc DOS attempt"' nessus,10160 bugtraq,938 cve,CVE-2000-0064 cve,CVE-2000-0063 classtype:web-application-attack sid:1764
		LogAs="SID1765"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/cgiproc"'	$Tail	# '"WEB-CGI Nortel Contivity cgiproc access"' nessus,10160 bugtraq,938 cve,CVE-2000-0064 cve,CVE-2000-0063 classtype:web-application-activity sid:1765
		LogAs="SID1805"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/rwcgi60"' --string '"setauth="'	$Tail	# '"WEB-CGI Oracle reports CGI access"' bugtraq,4848 classtype:web-application-activity sid:1805
		LogAs="SID1824"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/alienform.cgi"'	$Tail	# '"WEB-CGI alienform.cgi access"' nessus,11027 bugtraq,4983 classtype:web-application-activity sid:1824
		LogAs="SID1825"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/af.cgi"'	$Tail	# '"WEB-CGI AlienForm af.cgi access"' nessus,11027 bugtraq,4983 classtype:web-application-activity sid:1825
		LogAs="SID1868"		$Ipt -A $Me -p tcp --dport 8080 -m string --string '"/story.pl"' --string '"next=../"'	$Tail	# '"WEB-CGI story.pl arbitrary file read attempt"' nessus,10817 cve,CVE-2001-0804 classtype:default-login-attempt sid:1868
		LogAs="SID1869"		$Ipt -A $Me -p tcp --dport 8080 -m string --string '"/story.pl"'	$Tail	# '"WEB-CGI story.pl access"' nessus,10817 cve,CVE-2001-0804 classtype:default-login-attempt sid:1869
		LogAs="SID1870"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/.cobalt/siteUserMod/siteUserMod.cgi"'	$Tail	# '"WEB-CGI siteUserMod.cgi access"' nessus,10253 cve,CVE-2000-0117 classtype:web-application-activity sid:1870
		LogAs="SID1875"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/cgicso"'	$Tail	# '"WEB-CGI cgicso access"' nessus,10779 nessus,10780 classtype:web-application-activity sid:1875
		LogAs="SID1876"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/nph-publish.cgi"'	$Tail	# '"WEB-CGI nph-publish.cgi access"' nessus,10164 cve,CVE-1999-1177 classtype:web-application-activity sid:1876
		LogAs="SID1877"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/printenv"'	$Tail	# '"WEB-CGI printenv access"' nessus,10503 cve,CVE-2000-0868 classtype:web-application-activity sid:1877
		LogAs="SID1878"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/sdbsearch.cgi"'	$Tail	# '"WEB-CGI sdbsearch.cgi access"' nessus,10503 cve,CVE-2000-0868 classtype:web-application-activity sid:1878
		LogAs="SID1931"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/rpc-nlog.pl"'	$Tail	# '"WEB-CGI rpc-nlog.pl access"' classtype:web-application-activity cve,CAN-1999-1278 sid:1931
		LogAs="SID1932"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/rpc-smb.pl"'	$Tail	# '"WEB-CGI rpc-smb.pl access"' classtype:web-application-activity cve,CAN-1999-1278 sid:1932
		LogAs="SID1933"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/cart.cgi"'	$Tail	# '"WEB-CGI cart.cgi access"' classtype:web-application-activity sid:1933
		LogAs="SID1994"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/vpasswd.cgi"'	$Tail	# '"WEB-CGI vpasswd.cgi access"' nessus,11165 classtype:web-application-activity sid:1994
		LogAs="SID1995"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/alya.cgi"'	$Tail	# '"WEB-CGI alya.cgi access"' nessus,11118 classtype:web-application-activity sid:1995
		LogAs="SID1996"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/viralator.cgi"'	$Tail	# '"WEB-CGI viralator.cgi access"' nessus,11107 cve,CAN-2001-0849 classtype:web-application-activity sid:1996
		LogAs="SID2001"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/smartsearch.cgi"'	$Tail	# '"WEB-CGI smartsearch.cgi access"' classtype:web-application-activity sid:2001
		LogAs="SID1862"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/mrtg.cgi"' --string '"cfg=/../"'	$Tail	# '"WEB-CGI mrtg.cgi directory traversal attempt"' nessus,11001 classtype:web-application-attack sid:1862
		LogAs="SID2052"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/overflow.cgi"'	$Tail	# '"WEB-CGI overflow.cgi access"' nessus,11190 url,www.cert.org/advisories/CA-2002-35.html classtype:web-application-activity sid:2052
		LogAs="SID1850"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/way-board.cgi"'	$Tail	# '"WEB-CGI way-board.cgi access"' nocase-ignored nessus,10610 classtype:web-application-activity sid:1850
		LogAs="SID2053"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/process_bug.cgi"'	$Tail	# '"WEB-CGI process_bug.cgi access"' nocase-ignored cve,CAN-2002-0008 classtype:web-application-activity sid:2053
		LogAs="SID2055"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/enter_bug.cgi"'	$Tail	# '"WEB-CGI enter_bug.cgi access"' nocase-ignored cve,CAN-2002-0008 classtype:web-application-activity sid:2055
		LogAs="SID2085"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/parse_xml.cgi"'	$Tail	# '"WEB-CGI parse_xml.cgi access"' nocase-ignored cve,CAN-2003-0054 classtype:web-application-activity sid:2085
		LogAs="SID2086"		$Ipt -A $Me -p tcp --dport 1220 -m string --string '"/parse_xml.cgi"'	$Tail	# '"WEB-CGI streaming server parse_xml.cgi access"' nocase-ignored cve,CAN-2003-0054 classtype:web-application-activity sid:2086
		LogAs="SID2115"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/album.pl"'	$Tail	# '"WEB-CGI album.pl access"' nocase-ignored bugtraq,7444 classtype:web-application-activity sid:2115
		LogAs="SID2116"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/chipcfg.cgi"'	$Tail	# '"WEB-CGI chipcfg.cgi access"' nocase-ignored bugtraq,2767 cve,CAN-2001-1341 classtype:web-application-activity sid:2116
		LogAs="SID2127"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/ikonboard.cgi"'	$Tail	# '"WEB-CGI ikonboard.cgi access"' nocase-ignored bugtraq,7361 nessus,11605 classtype:web-application-activity sid:2127
		LogAs="SID2128"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/srsrv.cgi"'	$Tail	# '"WEB-CGI swsrv.cgi access"' nocase-ignored cve,CAN-2003-0217 nessus,11608 classtype:web-application-activity sid:2128
		LogAs="SID2194"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/CSMailto.cgi"'	$Tail	# '"WEB-CGI CSMailto.cgi access"' nocase-ignored cve,CAN-2002-0749 nessus,11748 classtype:web-application-activity sid:2194
		LogAs="SID2195"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/alert.cgi"'	$Tail	# '"WEB-CGI alert.cgi access"' nocase-ignored cve,CAN-2002-0346 nessus,11748 classtype:web-application-activity sid:2195
		LogAs="SID2196"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/alert.cgi"'	$Tail	# '"WEB-CGI catgy.cgi access"' nocase-ignored cve,CAN-2001-1212 nessus,11748 classtype:web-application-activity sid:2196
		LogAs="SID2197"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/csview2.cgi"'	$Tail	# '"WEB-CGI cvsview2.cgi access"' nocase-ignored cve,CAN-2003-0153 nessus,11748 classtype:web-application-activity sid:2197
		LogAs="SID2198"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/cvslog.cgi"'	$Tail	# '"WEB-CGI cvslog.cgi access"' nocase-ignored cve,CAN-2003-0153 nessus,11748 classtype:web-application-activity sid:2198
		LogAs="SID2199"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/multidiff.cgi"'	$Tail	# '"WEB-CGI multidiff.cgi access"' nocase-ignored cve,CAN-2003-0153 nessus,11748 classtype:web-application-activity sid:2199
		LogAs="SID2200"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/dnewsweb.cgi"'	$Tail	# '"WEB-CGI dnewsweb.cgi access"' nocase-ignored cve,CAN-2000-0423 nessus,11748 classtype:web-application-activity sid:2200
		LogAs="SID2201"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/download.cgi"'	$Tail	# '"WEB-CGI download.cgi access"' nocase-ignored cve,CAN-1999-1377 nessus,11748 classtype:web-application-activity sid:2201
		LogAs="SID2202"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/edit_action.cgi"'	$Tail	# '"WEB-CGI edit_action.cgi access"' nocase-ignored cve,CAN-2001-1196 nessus,11748 classtype:web-application-activity sid:2202
		LogAs="SID2203"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/everythingform.cgi"'	$Tail	# '"WEB-CGI everythingform.cgi access"' nocase-ignored cve,CAN-2001-0023 nessus,11748 classtype:web-application-activity sid:2203
		LogAs="SID2204"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/ezadmin.cgi"'	$Tail	# '"WEB-CGI ezadmin.cgi access"' nocase-ignored cve,CAN-2002-0263 nessus,11748 classtype:web-application-activity sid:2204
		LogAs="SID2205"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/ezboard.cgi"'	$Tail	# '"WEB-CGI ezboard.cgi access"' nocase-ignored cve,CAN-2002-0263 nessus,11748 classtype:web-application-activity sid:2205
		LogAs="SID2206"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/ezman.cgi"'	$Tail	# '"WEB-CGI ezman.cgi access"' nocase-ignored cve,CAN-2002-0263 nessus,11748 classtype:web-application-activity sid:2206
		LogAs="SID2207"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/fileseek.cgi"'	$Tail	# '"WEB-CGI fileseek.cgi access"' nocase-ignored cve,CAN-2002-0611 nessus,11748 classtype:web-application-activity sid:2207
		LogAs="SID2208"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/fom.cgi"'	$Tail	# '"WEB-CGI fom.cgi access"' nocase-ignored cve,CAN-2002-0230 nessus,11748 classtype:web-application-activity sid:2208
		LogAs="SID2209"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/getdoc.cgi"'	$Tail	# '"WEB-CGI getdoc.cgi access"' nocase-ignored cve,CAN-2000-0288 nessus,11748 classtype:web-application-activity sid:2209
		LogAs="SID2210"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/global.cgi"'	$Tail	# '"WEB-CGI global.cgi access"' nocase-ignored cve,CVE-2000-0952 nessus,11748 classtype:web-application-activity sid:2210
		LogAs="SID2211"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/guestserver.cgi"'	$Tail	# '"WEB-CGI guestserver.cgi access"' nocase-ignored cve,CAN-2001-0180 nessus,11748 classtype:web-application-activity sid:2211
		LogAs="SID2212"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/imageFolio.cgi"'	$Tail	# '"WEB-CGI imageFolio.cgi access"' nocase-ignored cve,CAN-2002-1334 nessus,11748 classtype:web-application-activity sid:2212
		LogAs="SID2213"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/mailfile.cgi"'	$Tail	# '"WEB-CGI mailfile.cgi access"' nocase-ignored cve,CVE-2000-0977 nessus,11748 classtype:web-application-activity sid:2213
		LogAs="SID2214"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/mailview.cgi"'	$Tail	# '"WEB-CGI mailview.cgi access"' nocase-ignored cve,CAN-2000-0526 nessus,11748 classtype:web-application-activity sid:2214
		LogAs="SID2215"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/nsManager.cgi"'	$Tail	# '"WEB-CGI nsManager.cgi access"' nocase-ignored cve,CAN-2000-1023 nessus,11748 classtype:web-application-activity sid:2215
		LogAs="SID2216"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/readmail.cgi"'	$Tail	# '"WEB-CGI readmail.cgi access"' nocase-ignored cve,CAN-2001-1283 nessus,11748 classtype:web-application-activity sid:2216
		LogAs="SID2217"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/printmail.cgi"'	$Tail	# '"WEB-CGI printmail.cgi access"' nocase-ignored cve,CAN-2001-1283 nessus,11748 classtype:web-application-activity sid:2217
		LogAs="SID2218"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/service.cgi"'	$Tail	# '"WEB-CGI service.cgi access"' nocase-ignored cve,CAN-2002-0346 nessus,11748 classtype:web-application-activity sid:2218
		LogAs="SID2219"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/setpasswd.cgi"'	$Tail	# '"WEB-CGI setpasswd.cgi access"' nocase-ignored cve,CAN-2001-0133 nessus,11748 classtype:web-application-activity sid:2219
		LogAs="SID2220"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/simplestmail.cgi"'	$Tail	# '"WEB-CGI simplestmail.cgi access"' nocase-ignored cve,CAN-2001-0022 nessus,11748 classtype:web-application-activity sid:2220
		LogAs="SID2221"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/ws_mail.cgi"'	$Tail	# '"WEB-CGI ws_mail.cgi access"' nocase-ignored cve,CAN-2001-1343 nessus,11748 classtype:web-application-activity sid:2221
		LogAs="SID2222"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/nph-exploitscanget.cgi"'	$Tail	# '"WEB-CGI nph-exploitscanget.cgi access"' nocase-ignored bugtraq,7910 bugtraq,7911 bugtraq,7912 nessus,11740 classtype:web-application-activity sid:2222
		LogAs="SID2223"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/csNews.cgi"'	$Tail	# '"WEB-CGI csNews.cgi access"' nocase-ignored bugtraq,4994 cve,CVE-2002-0923 nessus,11726 classtype:web-application-activity sid:2223
		LogAs="SID2224"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/psunami.cgi"'	$Tail	# '"WEB-CGI psunami.cgi access"' nocase-ignored bugtraq,6607 nessus,11750 classtype:web-application-activity sid:2224
		LogAs="SID2225"		$Ipt -A $Me -p tcp --dport 80 -m string --string '"/gozila.cgi"'	$Tail	# '"WEB-CGI gozila.cgi access"' nocase-ignored nessus,11773 classtype:web-application-activity sid:2225


		;;
	destroy)
		echo "Stopping $Me" >&2
		DestroyChain $Me
		;;
	renamechain)
		TempChain="$Me-$RANDOM"
		echo "Replacing existing rules in $Me with new rules" >&2
		$IptablesBin -E $Me $TempChain
		;;
	replacelinks)
		if [ -z "$TempChain" ]; then
			echo "No temporary chain to relink in $Me replacelinks, replace operation incomplete." >&2
		elif ! $IptablesBin -L $Me -n >/dev/null 2>&1 ; then
			echo "No $Me chain in $Me, replace operation incomplete." >&2
		elif ! $IptablesBin -L $TempChain -n >/dev/null 2>&1 ; then
			echo "No $TempChain chain in $Me, replace operation incomplete." >&2
		elif [ "`$IptablesBin -L INPUT -n --line-numbers | grep $TempChain | wc -l`" -ne 1 ]; then
			echo "Too few/many references to $TempChain in INPUT in $Me replacelinks, replace operation incomplete." >&2
		elif [ "`$IptablesBin -L FORWARD -n --line-numbers | grep $TempChain | wc -l`" -ne 1 ]; then
			echo "Too few/many references to $TempChain in FORWARD in $Me replacelinks, replace operation incomplete." >&2
		elif [ "`$IptablesBin -L OUTPUT -n --line-numbers | grep $TempChain | wc -l`" -ne 1 ]; then
			echo "Too few/many references to $TempChain in OUTPUT in $Me replacelinks, replace operation incomplete." >&2
		else
#ZZZZ Place the same criteria you used in link/unlink above in the following three lines.
#ZZZZ Criteria should go just in front of "-j $Me"
			$IptablesBin -R INPUT `$IptablesBin -L INPUT -n --line-numbers | grep $TempChain | awk '{print $1}'` -i \! lo		-j $Me
			$IptablesBin -R FORWARD `$IptablesBin -L FORWARD -n --line-numbers | grep $TempChain | awk '{print $1}'`		-j $Me
			$IptablesBin -R OUTPUT `$IptablesBin -L OUTPUT -n --line-numbers | grep $TempChain | awk '{print $1}'`			-j $Me
			DestroyChain $TempChain
			unset TempChain
		fi
		;;
	status)
		if $IptablesBin -L $Me -n >/dev/null 2>&1 ; then
			echo "$Me created" >&2
		else
			echo "$Me destroyed" >&2
		fi
		;;
	version)
		echo "$Me $MyVersion, firebrickslib $FBLibVer" >&2
		;;
	help)
		DefaultHelp
#ZZZZ Please change the text to appropriate help text for this module.  You should
#ZZZZ cover what the module does, if it's generally safe to use, and under what
#ZZZZ conditions it should not be used.  Please replace the lines between the two
#ZZZZ EOTEXT lines with your own.
		cat <<EOTEXT >&2
	The $Me module puts in some blocks for fragmented icmp packets
(illegal) and address mask and timestamp requests and replies.  At best,
these are uncommon and are used in network mapping.  These rules should
be safe to use on any network.
EOTEXT
		;;
	*)
		echo "Unknown action $Action in $Me, no action taken." >&2
		;;
	esac
done