Running fwsnort
With fwsnort installed on a system that offers string-match support in the kernel, we can now put fwsnort to work for us. Without further ado, we fire up fwsnort from the command line. Normally, fwsnort is executed as root because by default it queries iptables in order to determine which extensions are available in the running kernel, and then it tailors the translation process accordingly[59] (some output below is abbreviated):
[iptablesfw]# fwsnort Snort Rules File Success Fail Ipt_apply Total [+] attack-responses.rules 15 2 0 17 [+] backdoor.rules 62 7 1 69 [+] bad-traffic.rules 10 3 0 13 [+] bleeding-all.rules 1076 573 5 1649 [+] exploit.rules 31 43 0 74 [+] web-cgi.rules 286 62 0 348 [+] web-client.rules 7 10 0 17 [+] web-coldfusion.rules ...
Get Linux Firewalls now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.