2.4.13-ac5-mega-ipfilter-patch.gz 17171 Oct 15 2001
2.4.15-pre6-mega-ipfilter-patch.gz 23339 Nov 19 2001
README 1826 May 2 2002
TODO 304 Nov 25 2003
archives Feb 21 2005
favicon.ico 20 Aug 28 2005
internal-gopher-menu 29 Aug 28 2005
internal-gopher-unknown 32 Aug 28 2005
iptables-rules.cvs.20011024.gz 28841 Oct 28 2001
iptables.cvs.20031124.v0.2.1 482500 Nov 24 2003
iptables.cvs.20031124.v0.2.1.gz 56552 Nov 24 2003
iptables.cvs.20031124.v0.2.2 484578 Nov 24 2003
iptables.cvs.20031124.v0.2.2.gz 56677 Nov 24 2003
iptables.cvs.20031124.v0.2.3 490806 Nov 25 2003
iptables.cvs.20031124.v0.2.3.gz 57324 Nov 25 2003
makebricks 1801 Nov 25 2003
packit.cvs.20031124.v0.2.2 351229 Nov 25 2003
packit.cvs.20031124.v0.2.2.gz 48478 Nov 25 2003
packit.cvs.20031124.v0.2.3 356181 Nov 25 2003
packit.cvs.20031124.v0.2.3.gz 49054 Nov 25 2003
snort2iptables 33237 Nov 25 2003
snort2iptables.v0.2.0 30108 Jul 20 2003
snort2iptables.v0.2.0.gz 8316 Jul 20 2003
snort2iptables.v0.2.2 31412 Nov 24 2003
snort2iptables.v0.2.2.gz 8593 Nov 24 2003
snort2iptables.v0.2.3 33237 Nov 25 2003
snort2iptables.v0.2.3.gz 9249 Nov 25 2003



	Please Note.
	This software, v0.2.0, has not been extensively tested.  It is
being made available for those that wish to try it out, but its results
should NOT be trusted.

	The enclosed iptables-rules file is a sample run from a snort
ruleset where all rules have been uncommented.  snort2iptables is able
to convert 1330 of 1451 rules (~92%), with some caveats: nocase, depth,
and offset are ignored, so a rule that used nocase now matches
case-sensitively, and one that used depth or offset matches anywhere in
the packet rather than within the byte window it specified.  Rules which
cannot be faithfully converted are left commented in the iptables-rules
file, with the reason following "Cannot convert: " on the line.

	Preprocessors and classifications are ignored.

	This script is designed to convert a snort ruleset to iptables
rules. Since it can recurse into included files, simply give it the
top-level ruleset, such as /etc/snort/snort.conf .  It can also parse
individual rule files.

	/usr/src/snort2iptables-0.2.0/snort2iptables  [--log] [--drop|--reject] SnortRuleFile [SnortRuleFile...]
	/usr/src/snort2iptables-0.2.0/snort2iptables  --log /etc/snort/snort.conf  >iptables.cvs.20020427.v0.2.0

	You should pick at least one of log, drop, or reject to get any
output.  Log can be mixed with drop or reject.  Please note that --drop
silently discards the matching packet, so the peer keeps its connection
open until it times out and a busy host may accumulate lots of open
connections; --reject answers with an error (an ICMP unreachable, or a
TCP reset if so configured), so the peer tears the connection down at
once.  Reject is therefore recommended if you choose to use one of drop
or reject.
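The conversion the README describes, as an added example: a toy Python converter written for this page, not the snort2iptables script from the archive (whose source and exact output format are not reproduced here). It parses the rule header and options, resolves Snort variables, emits a LOG rule and/or a DROP or REJECT rule per convertible Snort rule, and leaves the rest as a comment with the reason after "Cannot convert: ". The variable defaults, the "# ignored options" comment line, the sample ruleset (local SIDs, constructed for this example) and the choice to map nocase onto the string match's --icase instead of ignoring it are this example's own assumptions; include lines are not followed.

```python
"""Toy Snort-to-iptables converter: an added example, not the snort2iptables script from this archive."""
import re
import shlex

# Snort variables (constructed defaults; "var" lines in a ruleset override them).
VARS = {"$HOME_NET": "192.0.2.0/24", "$EXTERNAL_NET": "!$HOME_NET", "$HTTP_PORTS": "80"}
HEADER_RE = re.compile(
    r"^(?P<action>alert|log|pass|drop)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)"
    r"\s+(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$")
# Rule options come as  key;  key:value;  or  key:"quoted, may hold ; and \" escapes";
OPT_RE = re.compile(r'\s*(\w+)(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?\s*;')
UNSUPPORTED = {"pcre", "byte_test", "byte_jump"}  # plain iptables cannot express these at all
LOSSY = {"depth", "offset"}  # iptables --from/--to count from the IP header, not the payload: skipped

def resolve(spec):  # expand Snort variables, folding '!' negations -> (negated, value)
    neg = False
    for _ in range(16):  # bounded so a self-referencing var cannot loop forever
        if spec.startswith("!"):
            neg, spec = not neg, spec[1:]
        if spec not in VARS:
            return neg, spec
        spec = VARS[spec]
    raise ValueError(f"variable loop at {spec}")

def net_match(flag, spec, port=False):  # iptables args for one address/port field
    neg, value = resolve(spec)
    if value == "any":
        return []
    bad = not re.fullmatch(r"\d+(:\d*)?|:\d+", value) if port else value.startswith("[")
    if bad:  # port lists and [a,b] address lists would need multiport/ipset or several rules
        raise ValueError(f"{'port' if port else 'address'} list {value}")
    return (["!"] if neg else []) + [flag, value]

def convert_rule(line, log=True, action="reject"):
    """Translate one Snort rule -> (iptables_lines, reason); reason is None when it converted."""
    m = HEADER_RE.match(line)
    if not m:
        return [], "unparsable rule header"
    try:
        if m["proto"] not in ("tcp", "udp", "icmp") or m["dir"] == "<>":
            raise ValueError(f"protocol {m['proto']!r} / direction {m['dir']!r} not supported")
        match = ["-p", m["proto"]] + net_match("-s", m["src"]) + net_match("-d", m["dst"])
        if m["proto"] != "icmp":
            match += net_match("--sport", m["sport"], True) + net_match("--dport", m["dport"], True)
        msg, lossy = "snort rule", []
        for key, val in OPT_RE.findall(m["opts"]):
            val = val.strip()
            if val.startswith('"'):
                val = val[1:-1]
            if key == "msg":
                msg = val
            elif key in ("content", "uricontent"):  # |0d 0a| hex escapes carry over unchanged
                val = re.sub(r"\\(.)", r"\1", val)  # undo Snort's \" \; \\ escapes
                match += ["-m", "string", "--algo", "bm", "--hex-string" if "|" in val else "--string", shlex.quote(val)]
            elif key == "nocase" and "string" in match:
                match.append("--icase")  # modifies the string match just emitted
            elif key in UNSUPPORTED:
                raise ValueError(f"{key} has no iptables equivalent")
            elif key in LOSSY:
                lossy.append(key)  # sid, rev, flow, classtype, ... do not change the match: dropped silently
    except ValueError as e:
        return [], str(e)
    out = []
    if lossy:
        out.append("# ignored options (match is looser than Snort's): " + ", ".join(lossy))
    base = ["iptables", "-A", "INPUT"] + match
    if log:  # --log-prefix is limited to 29 characters
        out.append(" ".join(base + ["-j", "LOG", "--log-prefix", shlex.quote(msg[:28] + " ")]))
    if action == "drop":
        out.append(" ".join(base + ["-j", "DROP"]))
    elif action == "reject":  # a TCP RST tears the peer's connection down instead of letting it hang
        out.append(" ".join(base + ["-j", "REJECT"] + (["--reject-with", "tcp-reset"] if m["proto"] == "tcp" else [])))
    return out, None

def convert_ruleset(text, log=True, action="reject"):  # -> (output_text, converted, total); includes not followed
    out, converted, total = [], 0, 0
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("var "):
            VARS["$" + line.split()[1]] = line.split(None, 2)[2]
        elif line and line[0] != "#" and not line.startswith("include "):
            total += 1
            cmds, reason = convert_rule(line, log, action)
            if reason:
                out.append(f"# Cannot convert: {reason}: {line}")
            else:
                converted += 1
                out.extend(cmds)
    return "\n".join(out) + "\n", converted, total

# Constructed sample ruleset with local SIDs; not taken from any distributed Snort ruleset.
SAMPLE_RULES = r"""var HOME_NET 192.0.2.0/24
var EXTERNAL_NET !$HOME_NET
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB cmd.exe access"; flow:to_server,established; content:"cmd.exe"; nocase; sid:1000001; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"DNS AXFR query"; content:"|00 00 FC|"; offset:14; sid:1000002; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP root login"; pcre:"/^USER\s+root/smi"; sid:1000003; rev:1;)
alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"PIM traffic"; ip_proto:103; sid:1000004; rev:1;)
"""
if __name__ == "__main__":
    print("%s# converted %d of %d rules" % convert_ruleset(SAMPLE_RULES))
```

Run it directly to print the converted sample (two of the four rules convert; the pcre and ip-protocol rules come out as "Cannot convert" comments). Two caveats carry over to any conversion of this kind: -m string inspects one packet at a time, so a pattern split across two segments of a stream is not seen, and its --from/--to offsets are measured from the IP header, which is why depth and offset are dropped rather than translated. For TCP the REJECT rule sends a tcp-reset, which is what keeps the peer from sitting on a connection waiting for a reply the way a plain DROP does.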

	One final note: because the uncompressed versions of these files
may have attack signatures in them, I suggest downloading the compressed
versions (the .gz files) and decompressing them locally, so that the
transfer neither triggers Snort nor has its connection killed by a
previous version of the iptables rules in effect.

	Those interested in a more faithful implementation of the Snort
ruleset in an iptables environment should take a look at Allen Francom's
hogwash-iptables at http://tempest.prismnet.com/~aef/ .

	- William Stearns 05/02/2002

The files in this collection are part of William Stearns' software archive. If any of the links on this page do not work, you may be viewing an incomplete mirror. There is a complete list of the mirror sites at the starting page for this mirror and at the primary mirror.

Generated Sat May 13 02:52:39 EDT 2006 by htmlfilelist version 0.8.4