[Snort-users] Guardian Overhaul

Nick Rogness nick at ...176...
Fri Sep 28 00:26:02 EDT 2001

Well, I've spent the last couple of days redoing guardian.  Here is the
list of added enhancements:

 -FreeBSD ipfw support (specify firewallType in conf file)
 -Firewall interface
	- Max Firewall rule size 
	- An expire timer that runs (old guardian didn't expire properly)
	- Ability to handle multiple Class C (or smaller) targets
	- Reuse of Firewall rules (FreeBSD only)
	- Easy to add other Firewall tools (send requests)
 -IPFilter support (Should be done real soon)
 -See what IPs are blocked with SIGUSR2 signal (without flushing fw)
 -Better error checking
 -Better logging
 -General bug fixes

I have tarballed it up at:


Things that still need to be done:

 -Official documentation (man pages, README, etc)
 -Bug reports/fixes (especially Linux people...don't have Linux)
 -Better loading (PM's maybe?)
 -Ignoring Anomalies
 -PreProcessor log recognition
 -Other stupid stuff ;-)

I didn't update any of the docs (with the exception of guardian.conf) to
reflect my changes.  I figured with nimda on the loose people could use
this in a hurry.  All should be fixed this weekend (yes IPF support too).
For all you FreeBSD lovers out there, I will make a 'port' out of it this

Nick Rogness
nick at ...176...
RapidNet Internet Services

