Fwsnort: --hex-string syntax bug

2011-07-29 Thread Kees de Jong
Hi,


I've been trying to file a bug report through the bug report tool of
Debian. But without success.
So I'll just inform you all about this bug since I do want to inform you
about it.
I'm sorry this isn't the proper method, but bugreport isn't cooperative
with my SMTP for some reason.

I've discovered that fwsnort generates a small but significant syntax
error when this iptables rule is present:

# ICMP echo request
$IPTABLES -A OUTPUT -p icmp --icmp-type 8 -j ACCEPT

The below fwsnort rule is generated which makes 'iptables-persistent'
crash on boot, which in turn boots Debian without a firewall.
-A FWSNORT_INPUT -p icmp -m icmp --icmp-type 8 -m string --hex-string|
0102030405060708090a0b0c0d0e0f|  --algo bm --to 74 -m comment --comment
sid:2100369; msg:GPL ICMP_INFO PING BayRS Router;
classtype:misc-activity; reference:arachnids,438; rev:7; FWS:1.5; -j
LOG --log-prefix [11] SID2100369  --log-ip-options

The right syntax should be: --hex-string |
0102030405060708090a0b0c0d0e0f|
It's a small syntax error, I'm sorry I don't have the time to fix this
bug. I hope I've given enough information to you to fix this problem.

In the meantime this can be fixed by editing the saved iptables
configuration in /etc/iptables/rules.v4.
To display some helpful debugging information you can run:

# iptables-restore < /etc/iptables/rules.v4

This will inform you of the line where this syntax error is. Then edit
it accordingly with your favorite text editor.



-- 
Kind regards,
Kees de Jong
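
The check and workaround described in the message above, as an added example that is not part of the original post and is not fwsnort or Debian code. The function names and the sample ruleset are constructed for illustration; the fix applied is the one the message states (a space after --hex-string).

```shell
#!/bin/sh
# Added example: lint a saved ruleset for the fused "--hex-string|" token
# reported in this thread, before iptables-persistent loads it at boot.

# Count rule lines where --hex-string runs straight into its argument.
count_fused() {
    grep -c -e '--hex-string[^[:space:]]' "$1" || true
}

# List offending lines as "LINENO:RULE" so they can be reviewed before editing.
list_fused() {
    grep -n -e '--hex-string[^[:space:]]' "$1" || true
}

# Emit a corrected ruleset on stdout; the input file is left untouched.
fix_fused() {
    sed 's/--hex-string\([^[:space:]]\)/--hex-string \1/g' "$1"
}

# Constructed sample in iptables-save format: one fused rule, one well-formed.
write_sample() {
    cat > "$1" <<'EOF'
*filter
:FWSNORT_INPUT - [0:0]
-A FWSNORT_INPUT -p icmp -m icmp --icmp-type 8 -m string --hex-string|0102030405060708090a0b0c0d0e0f| --algo bm --to 74 -j LOG
-A FWSNORT_INPUT -p icmp -m string --hex-string |aabbcc| --algo bm -j LOG
COMMIT
EOF
}

sample=$(mktemp)
write_sample "$sample"
echo "fused --hex-string rules before fix: $(count_fused "$sample")"
list_fused "$sample"
fix_fused "$sample" > "$sample.fixed"
echo "fused --hex-string rules after fix: $(count_fused "$sample.fixed")"
# On the firewall host, as root, a parse-only check of the corrected file is:
#   iptables-restore --test < "$sample.fixed"    (not run in this example)
```

Running the lint from a pre-boot or post-update hook catches the malformed rule before the host comes up without a firewall.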





Re: Fwsnort: --hex-string syntax bug

2011-07-29 Thread Michael Tautschnig
Hi,

> I've been trying to file a bug report through the bug report tool of
> Debian. But without success.
> So I'll just inform you all about this bug since I do want to inform you
> about it.
> I'm sorry this isn't the proper method, but bugreport isn't cooperative
> with my SMTP for some reason.

[...]

You might want to simply file your bug report via email. Please see

http://www.debian.org/Bugs/Reporting

and skip to "Sending the bug report via e-mail".

Hope this helps,
Michael


