fwmon is a firewall monitor for Linux. It integrates with ipchains/iptables to give you realtime notification of firewall events. It has fairly customizable output, allowing you to display a packet summary with hex and ASCII data dumps to stdout, a logfile, tcpdump-style capture files, and even syslog. It also boasts some simple security features such as the ability to chroot itself, and operate in a non-root environment.
|Tags||Security Networking Firewalls Monitoring|
|Operating Systems||POSIX Linux|
Release Notes: A bug where tcpdump files would get overwritten instead of appended to has been fixed. The tcpdump magic number problem has been fixed. A sniffer mode has been added which utilises Linux mmap() packet socket and is very fast.
Release Notes: A fix for broken permissions on libpcap file creation which could potentially make them world-readable, and minor performance enhancements.
Release Notes: This release fixes a major crashing bug when the kernel sends oversized packets, an old race condition in the libpcap code, and a small bug in syslog output. It optimizes the code, and adds some new and nicer error messages. fwmon now also emits an error when no output mode is specified.
Release Notes: A fix for a bug which caused corrupt libpcap files on logrotate, reworked SQL output (much simpler to use -rewrote initdb.sql to reflect the changes), printing the fwmark field out to logfiles, some minor documentation updates, and tidying up the code that works out ICMP type names.
Release Notes: A fix for a remote DoS caused by stack based buffer overflow (not exploitable to run shellcode), and removing limitations on size of printable packets.