[Snort-users] Guardian Overhaul
nick at ...176...
Fri Sep 28 12:05:02 EDT 2001
On Fri, 28 Sep 2001, Nick Rogness wrote:
DAMN! I overhauled based on guardian-1.3.0 which was available
via www.snort.org. You can add "merge changes from 1.4" to the
things todo list. Sorry bout that.
Most of the "TODO" list should be done this weekend.
> Well, I've spent the last couple of days redoing gaurdian. Here is
> the list of added enhancments:
> -FreeBSD ipfw support (specify firewallType in conf file)
> -Firewall interface
> - Max Firewall rule size
> - An expire timer that runs (old guardian didn't expire properly)
> - Ability to handle mulitple Class C (or smaller) targets
> - Reuse of Firewall rules (FreeBSD only)
> - Easy to add other Firewall tools (send requests)
> -IPFilter support (Should be done real soon)
> -See what IP's are blocked with SIGUSR2 signal (without flushing fw)
> -Better error checking
> -Better logging
> -General bug fixes
> I have tarballed it up at:
> Things that still need to be done:
> -Official documentation (man pages, README, etc)
> -Bug reports/fixes (especially Linux people...don't have Linux)
> -Better loading (PM's maybe?)
> -Ignoring Anomolies
> -PreProcessor log recognition
> -Other stupid stuff ;-)
> I didn't update any of the docs (with the exception of guardian.conf)
> to reflect my changes. I figured with nimda on the loose people could
> use this in a hurry. All should be fixed this weeked (yes IPF support
> too). For all you FreeBSD lovers out there, I will make a 'port' out
> of it this weekend.
> Nick Rogness
> nick at ...176...
> RapidNet Internet Services
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
nick at ...176...
RapidNet Internet Services
More information about the Snort-users