root@debian-sergio:/etc/fwsnort/snort_rules# fwsnort
[+] Testing /sbin/iptables for supported capabilities...
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Snort Rules File Success Fail Total
[+] app-detect.rules 0 2 2
[+] attack-responses.rules 16 1 17
[+] backdoor.rules 65 11 76
[+] bad-traffic.rules 9 3 12
[+] blacklist.rules 0 0 0
[+] botnet-cnc.rules 0 0 0
[+] browser-chrome.rules 0 0 0
[+] browser-firefox.rules 0 15 15
[+] browser-ie.rules 0 1184 1184
[+] browser-other.rules 0 6 6
[+] browser-plugins.rules 0 31 31
[+] browser-webkit.rules 0 0 0
[+] chat.rules 29 1 30
[+] content-replace.rules 0 0 0
[+] ddos.rules 18 14 32
[+] dns.rules 19 2 21
[+] dos.rules 9 7 16
[+] emerging-all.rules 0 16869 16869
[+] experimental.rules 0 0 0
[+] exploit-kit.rules 0 491 491
[+] exploit.rules 36 46 82
[+] file-executable.rules 0 13 13
[+] file-flash.rules 0 1477 1477
[+] file-identify.rules 0 977 977
[+] file-image.rules 0 99 99
[+] file-java.rules 0 112 112
[+] file-multimedia.rules 0 53 53
[+] file-office.rules 0 426 426
[+] file-other.rules 0 239 239
[+] file-pdf.rules 0 456 456
[+] finger.rules 13 1 14
[+] ftp.rules 21 49 70
[+] icmp-info.rules 65 28 93
[+] icmp.rules 18 4 22
[+] imap.rules 1 37 38
[+] indicator-compromise.rules 0 26 26
[+] indicator-obfuscation.rules 0 38 38
[+] indicator-scan.rules 0 2 2
[+] indicator-shellcode.rules 0 0 0
[+] info.rules 8 2 10
[+] local.rules 0 0 0
[+] malware-backdoor.rules 0 107 107
[+] malware-cnc.rules 0 2732 2732
[+] malware-other.rules 0 299 299
[+] malware-tools.rules 0 12 12
[+] misc.rules 42 18 60
[+] multimedia.rules 4 6 10
[+] mysql.rules 3 0 3
[+] netbios.rules 11 419 430
[+] nntp.rules 0 13 13
[+] oracle.rules 3 295 298
[+] os-linux.rules 0 15 15
[+] os-mobile.rules 0 3 3
[+] os-other.rules 0 38 38
[+] os-solaris.rules 0 3 3
[+] os-windows.rules 0 326 326
[+] other-ids.rules 3 0 3
[+] p2p.rules 18 0 18
[+] phishing-spam.rules 0 0 0
[+] policy-multimedia.rules 0 0 0
[+] policy-other.rules 0 7 7
[+] policy-social.rules 2 0 2
[+] policy-spam.rules 0 0 0
[+] policy.rules 20 1 21
[+] pop2.rules 2 2 4
[+] pop3.rules 6 21 27
[+] porn.rules 21 0 21
[+] protocol-dns.rules 0 1 1
[+] protocol-finger.rules 0 0 0
[+] protocol-ftp.rules 0 0 0
[+] protocol-icmp.rules 0 0 0
[+] protocol-imap.rules 0 2 2
[+] protocol-nntp.rules 0 0 0
[+] protocol-other.rules 0 4 4
[+] protocol-pop.rules 0 1 1
[+] protocol-rpc.rules 0 0 0
[+] protocol-scada.rules 0 10 10
[+] protocol-services.rules 0 0 0
[+] protocol-snmp.rules 0 1 1
[+] protocol-telnet.rules 0 1 1
[+] protocol-tftp.rules 0 0 0
[+] protocol-voip.rules 0 2 2
[+] pua-adware.rules 0 24 24
[+] pua-other.rules 0 4 4
[+] pua-p2p.rules 0 0 0
[+] pua-toolbars.rules 0 3 3
[+] rpc.rules 37 91 128
[+] rservices.rules 13 0 13
[+] scada.rules 0 0 0
[+] scan.rules 14 4 18
[+] server-apache.rules 0 23 23
[+] server-iis.rules 0 0 0
[+] server-mail.rules 0 9 9
[+] server-mssql.rules 0 1 1
[+] server-mysql.rules 0 1 1
[+] server-oracle.rules 0 2 2
[+] server-other.rules 0 210 210
[+] server-samba.rules 0 8 8
[+] server-webapp.rules 0 220 220
[+] shellcode.rules 21 0 21
[+] smtp.rules 14 45 59
[+] snmp.rules 17 0 17
[+] specific-threats.rules 0 0 0
[+] spyware-put.rules 0 0 0
[+] sql.rules 42 4 46
[+] telnet.rules 13 2 15
[+] tftp.rules 9 2 11
[+] virus.rules 0 1 1
[+] voip.rules 0 0 0
[+] web-activex.rules 0 0 0
[+] web-attacks.rules 46 0 46
[+] web-cgi.rules 348 2 350
[+] web-client.rules 9 16 25
[+] web-coldfusion.rules 35 0 35
[+] web-frontpage.rules 35 0 35
[+] web-iis.rules 112 7 119
[+] web-misc.rules 300 28 328
[+] web-php.rules 115 11 126
[+] x11.rules 2 0 2
=============================
1644 27779 29423
[+] Generated iptables rules for 1644 out of 29423 signatures: 5.59%
[+] Logfile: /var/log/fwsnort/fwsnort.log
[+] iptables script (individual commands): /var/lib/fwsnort/fwsnort_iptcmds.sh
Main fwsnort iptables-save file: /var/lib/fwsnort/fwsnort.save
You can instantiate the fwsnort policy with the following command:
/sbin/iptables-restore < /var/lib/fwsnort/fwsnort.save
Or just execute: /var/lib/fwsnort/fwsnort.sh