Fwsnort: Application layer IDS/IPS with iptables

[ Thanks to An Anonymous Reader for this link. ]

"Fwsnort parses the rules files included in the Snort intrusion detection system and builds an equivalent iptables ruleset for as many rules as possible.

"Fwsnort utilizes the iptables string match module (together with a custom patch that adds a --hex-string option to the iptables user space code which is now integrated with iptables) to detect application level attacks.

"Fwsnort 1.5 now is available for download. This is a major release that moves to using the iptables-save format"

Complete Story

Related Stories:

• OSSEC: the Open Source Host Intrusion Detection System(Dec 07, 2010)
• Weekend Project: Intrusion Detection on Linux with AIDE(Dec 04, 2010)
• A Simple Snort Alert Parser(Sep 27, 2010)
• How To Configure The AIDE File Integrity Scanner For Your Website(Aug 18, 2010)
• Ubuntu 9.10 UFW Firewall(Oct 14, 2009)
• MonitoringForge.org Reaches 1,000 Registrants After First Week inBeta(Oct 01, 2009)
• Port Scan Attack Detector PSAD(Sep 24, 2009)