Sophie: fwsnort-1.6.8-2.mga7 noarch

fwsnort-1.6.8-2.mga7.noarch.rpm

#
###########################################################################
#
#  This is the configuration file for fwsnort.  There are some similarities
#  between this file and the configuration file for Snort.
#
###########################################################################
#

### Fwsnort treats all traffic directed to / originating from the local
### machine as going to / coming from the HOME_NET in Snort rule parlance.
### If there is only one interface on the local system, then there will be
### no rules processed via the FWSNORT_FORWARD chain because no traffic
### would make it into the iptables FORWARD chain.
HOME_NET                any;
EXTERNAL_NET            any;

### List of servers.  Fwsnort supports the same variable resolution as
### Snort.
HTTP_SERVERS            $HOME_NET;
SMTP_SERVERS            $HOME_NET;
DNS_SERVERS             $HOME_NET;
SQL_SERVERS             $HOME_NET;
TELNET_SERVERS          $HOME_NET;

### AOL AIM server nets
AIM_SERVERS             [64.12.24.0/24, 64.12.25.0/24, 64.12.26.14/24, 64.12.28.0/24, 64.12.29.0/24, 64.12.161.0/24, 64.12.163.0/24, 205.188.5.0/24, 205.188.9.0/24];

### Configurable port numbers
SSH_PORTS               22;
HTTP_PORTS              80;
SHELLCODE_PORTS         !80;
ORACLE_PORTS            1521;

### Default update URL for new rules.  This variable can be given multiple
### times on separate lines in order to specify multiple update URL's:
#UPDATE_RULES_URL       <url1>
#UPDATE_RULES_URL       <url2>
UPDATE_RULES_URL        http://rules.emergingthreats.net/open/snort-2.9.0/emerging-all.rules;

### define average packet lengths and maximum frame length.  This is
### used for iptables length match emulation of the Snort dsize option.
AVG_IP_HEADER_LEN       20;   ### IP options are not usually used.
AVG_TCP_HEADER_LEN      30;   ### Include 10 bytes for options
MAX_FRAME_LEN           1500;

### define the max length of the content (null terminated string) that
### can be passed to either the --hex-string or --string iptables matches.
### Note that as of fwsnort-1.5, the max string length supported by the
### local iptables instance is automatically determined, so this variable
### is not really needed, and just allows a max value to be set
### independently of what iptables supports.
MAX_STRING_LEN          1024;

### Use the WHITELIST variable to define a list of hosts/networks
### that should be completely ignored by fwsnort.  For example, if you
### want to whitelist the IP 192.168.10.1 and the network 10.1.1.0/24,
### you would use (note that you can also specify multiple WHITELIST
### variables, one per line). Note that by default the update IP's for
### Emerging Threats ruleset downloads are whitelisted:
## Name:   rules.emergingthreats.net
## Address: 96.43.137.99
## Name:   rules.emergingthreats.net
## Address: 204.12.217.19
WHITELIST               96.43.137.99, 204.12.217.19;

### Use the BLACKLIST variable to define a list of hosts/networks
### that for which fwsnort should DROP or REJECT all traffic.  For
### example, to DROP all traffic from the 192.168.10.0/24 network, you
### can use:
###     BLACKLIST            192.168.10.0/24    DROP;
### To have fwsnort REJECT all traffic from 192.168.10.0/24, you would
### use:
###     BLACKLIST            192.168.10.0/24    REJECT;
BLACKLIST               NONE;

### define the jump position in the built-in chains to jump to the
### fwsnort chains
FWSNORT_INPUT_JUMP      1;
FWSNORT_OUTPUT_JUMP     1;
FWSNORT_FORWARD_JUMP    1;

### iptables chains (these do not normally need to be changed).
FWSNORT_INPUT           FWSNORT_INPUT;
FWSNORT_INPUT_ESTAB     FWSNORT_INPUT_ESTAB;
FWSNORT_OUTPUT          FWSNORT_OUTPUT;
FWSNORT_OUTPUT_ESTAB    FWSNORT_OUTPUT_ESTAB;
FWSNORT_FORWARD         FWSNORT_FORWARD;
FWSNORT_FORWARD_ESTAB   FWSNORT_FORWARD_ESTAB;

### fwsnort filesystem paths
INSTALL_ROOT            /;
CONF_DIR                $INSTALL_ROOT/etc/fwsnort;
RULES_DIR               $CONF_DIR/snort_rules;
LOG_DIR                 $INSTALL_ROOT/var/log/fwsnort;
LIBS_DIR                $INSTALL_ROOT/usr/lib/fwsnort;  ### for perl modules
STATE_DIR               $INSTALL_ROOT/var/lib/fwsnort;
QUEUE_RULES_DIR         $STATE_DIR/snort_rules_queue;
ARCHIVE_DIR             $STATE_DIR/archive;

CONF_FILE               $CONF_DIR/fwsnort.conf;
LOG_FILE                $LOG_DIR/fwsnort.log;
FWSNORT_SCRIPT          $STATE_DIR/fwsnort_iptcmds.sh;  ### slow version
FWSNORT_SAVE_EXEC_FILE  $STATE_DIR/fwsnort.sh;    ### main fwsnort.sh script
FWSNORT_SAVE_FILE       $STATE_DIR/fwsnort.save;  ### main fwsnort.save file
IPT_BACKUP_SAVE_FILE    $STATE_DIR/iptables.save; ### iptables policy backup

### system binaries
shCmd                   /bin/sh;
catCmd                  /bin/cat;
grepCmd                 /bin/grep;
echoCmd                 /bin/echo;
tarCmd                  /bin/tar;
wgetCmd                 /usr/bin/wget;
unameCmd                /usr/bin/uname;
ifconfigCmd             /sbin/ifconfig;
ipCmd                   /sbin/ip;
iptablesCmd             /sbin/iptables;
iptables-saveCmd        /sbin/iptables-save;
iptables-restoreCmd     /sbin/iptables-restore;
ip6tablesCmd            /sbin/ip6tables;
ip6tables-saveCmd       /sbin/ip6tables-save;
ip6tables-restoreCmd    /sbin/ip6tables-restore;