Snort mailing list archives

Guardian Overhaul


From: Nick Rogness <nick () rapidnet com>
Date: Fri, 28 Sep 2001 01:25:01 -0600 (MDT)


Well, I've spent the last couple of days redoing guardian.  Here is the
list of added enhancements:

 -FreeBSD ipfw support (specify firewallType in conf file)
 -Firewall interface
        - Max Firewall rule size 
        - An expire timer that runs (old guardian didn't expire properly)
        - Ability to handle multiple Class C (or smaller) targets
        - Reuse of Firewall rules (FreeBSD only)
        - Easy to add other Firewall tools (send requests)
 -IPFilter support (Should be done real soon)
 -See what IPs are blocked with SIGUSR2 signal (without flushing fw)
 -Better error checking
 -Better logging
 -General bug fixes

I have tarballed it up at:

http://freebsd.rogness.net/snort/guardian-2.0b.tgz

Things that still need to be done:

 -Official documentation (man pages, README, etc)
 -Bug reports/fixes (especially Linux people...don't have Linux)
 -Commenting
 -Better loading (PM's maybe?)
 -Ignoring Anomalies
 -PreProcessor log recognition
 -Other stupid stuff ;-)

I didn't update any of the docs (with the exception of guardian.conf) to
reflect my changes.  I figured with nimda on the loose people could use
this in a hurry.  All should be fixed this weekend (yes IPF support too).
For all you FreeBSD lovers out there, I will make a 'port' out of it this
weekend.



Nick Rogness
nick () rapidnet com
RapidNet Internet Services

