mrash / fwsnort

Application Layer IDS/IPS with iptables
http://www.cipherdyne.org/fwsnort/
GNU General Public License v2.0

Switch default behavior to --no-ipt-sync #1

Closed mrash closed 12 years ago

mrash commented 12 years ago

With the recent move towards producing fwsnort iptables policies in iptables-save format, a more sensible default behavior is to not interpret the running iptables policy in order to exclude Snort rules that might not apply. This option was originally added as the default because before the iptables-save format was introduced it took a while to instantiate an fwsnort iptables policy. Also, since most Snort rules restrict themselves to established TCP connections, there is little penalty (other than a small amount of kernel memory) for instantiating Snort rules for which traffic is filtered out - such TCP connections would never make it to the established state anyway.

mrash commented 12 years ago

Fixed this issue with: https://github.com/mrash/fwsnort/commit/724f75a13f3ec264eccb553c6c28f83706048047