I'm posting this here because some people combine psad with fwsnort
in order to detect application layer attacks.

MD5: a4aeb9551ab02fb726879eabfdc1bde5

This is a -pre release of fwsnort-1.5, which will be a major update.
I'm hoping for a couple of test results on the -pre4 release, which
contains a change that moves fwsnort to use the iptables-save format
instead of executing an individual iptables command for each fwsnort

The impacts are:

1) Execution time to instantiate an fwsnort policy should go from
minutes (for long fwsnort policies) down to seconds.

2) fwsnort policies are spliced into the running iptables policy
at the time of execution of the fwsnort perl script - not the time
when the /etc/fwsnort/ script is executed.  This is not a
big deal if you normally execute after the perl script,
or if you don't change your iptables policy around much between the

3) If there is any problem with a single fwsnort rule, then the
whole policy is not instantiate at all - this helps to ensure that
there is not a chance for a inconsistent policy.

Please let me know if there are any issues.


Michael Rash | Founder
Key fingerprint: E2EF 0C8A 5AA9 654C 4763  B50F 37AC E946 7F51 8271

Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
psad-discuss mailing list

Reply via email to