cipherdyne.org

Michael Rash, Security Researcher



fwsnort-1.0.4 Software Release

The 1.0.4 release of fwsnort is ready for download. This is mostly a bugfix release for bugs discovered and patched by Grant Ferley (thanks for the contributions both on the fwsnort mailing list and also via personal correspondence). Because these fixes mostly apply to the IPTables::Parse Perl module, they will also make it into the psad and fwknop projects. Here is the full ChangeLog:
  • (Grant Ferley) Submitted patch to exclude loopback interfaces from iptables allow rules parsing. This behavior can be reversed with the existing --no-exclude-loopback command line argument.
  • (Grant Ferley) Submitted patch to IPTables::Parse to take into account iptables policy output that contains "0" instead of "all" to represent any protocol.
  • (Grant Ferley) Submitted patch to IPTables::Parse to set sport and dport to '0:0' if the protocol is 'all'.
  • Bugfix to allow negated networks to be specified within iptables allow rules or within the fwsnort.conf file.
  • Updated install.pl to set the LC_ALL environment variable to "C". This should fix potential locale problems (this fix was borrowed from the fwknop project).