fwmon is a firewall monitor for Linux. It integrates with ipchains/iptables to give you real-time notification of firewall events. It has fairly customizable output, allowing you to display a packet summary with hex and ASCII data dumps to stdout, a logfile, tcpdump-style capture files, and even syslog. It also boasts some simple security features, such as the ability to chroot itself and to operate in a non-root environment.
| Tags | Security Networking Firewalls Monitoring |
|---|---|
| Licenses | GPL |
| Operating Systems | POSIX Linux |
| Implementation | C |

Recent releases


Changes: A bug where tcpdump files would get overwritten instead of appended to has been fixed. The tcpdump magic number problem has been fixed. A sniffer mode has been added which utilises the Linux mmap() packet socket and is very fast.


Changes: A fix for broken permissions on libpcap file creation, which could potentially make the files world-readable, and minor performance enhancements.


Changes: This release fixes a major crashing bug when the kernel sends oversized packets, an old race condition in the libpcap code, and a small bug in syslog output. It optimizes the code, and adds some new and nicer error messages. fwmon now also emits an error when no output mode is specified.


Changes: A fix for a bug which caused corrupt libpcap files on logrotate, reworked SQL output (much simpler to use; initdb.sql rewritten to reflect the changes), printing the fwmark field out to logfiles, some minor documentation updates, and tidying up the code that works out ICMP type names.


Changes: A fix for a remote DoS caused by a stack-based buffer overflow (not exploitable to run shellcode), and removing limitations on the size of printable packets.