Snort mailing list archives
Guardian Overhaul
From: Nick Rogness <nick () rapidnet com>
Date: Fri, 28 Sep 2001 01:25:01 -0600 (MDT)
Well, I've spent the last couple of days redoing guardian. Here is the list of added enhancements:

-FreeBSD ipfw support (specify firewallType in conf file)
-Firewall interface
  - Max Firewall rule size
  - An expire timer that runs (old guardian didn't expire properly)
  - Ability to handle multiple Class C (or smaller) targets
  - Reuse of Firewall rules (FreeBSD only)
  - Easy to add other Firewall tools (send requests)
-IPFilter support (Should be done real soon)
-See what IPs are blocked with SIGUSR2 signal (without flushing fw)
-Better error checking
-Better logging
-General bug fixes

I have tarballed it up at:

http://freebsd.rogness.net/snort/guardian-2.0b.tgz

Things that still need to be done:

-Official documentation (man pages, README, etc)
-Bug reports/fixes (especially Linux people...don't have Linux)
-Commenting
-Better loading (PMs maybe?)
-Ignoring Anomalies
-PreProcessor log recognition
-Other stupid stuff ;-)

I didn't update any of the docs (with the exception of guardian.conf) to reflect my changes. I figured with nimda on the loose people could use this in a hurry. All should be fixed this weekend (yes IPF support too).

For all you FreeBSD lovers out there, I will make a 'port' out of it this weekend.

Nick Rogness
nick () rapidnet com
RapidNet Internet Services