Hello debianers! I run fwsnort to update and improve on my iptables rule sets. On updating it's rules though I got this error message: # iptables-restore < /path/to/fwsnort.save iptables-restore v1.4.14: Invalid hex char '|' Error occurred at line: 4013 Try `iptables-restore -h' or 'iptables-restore --help' for more information. The line mentioned on the error contains the rule bellow: -A FWSNORT_OUTPUT_ESTAB -p tcp -m tcp -m string --string "PRIVMSG " --algo bm -m string --hex-string "|2d2d2d2d2d2d2d2d2d2d2d2d||2d||2d|| 2d||2d||2d||2d||2d||2d||2d||2d||2d||2d||2d||2d||2d||2d||2d||2d||2d||2d|| 2d||2d||2d||2d||2d||2d||2d||2d||2d||2d||2d||2d||2d||2d||2d||2d||2d||2d|| 2d||2d||2d||2d||2d||2d||2d||2d||2d||2d||2d||2d||2d||2d||2d||2d||2d||2d|| 2d||2d||2d||2d||2d||2d||2d||2d||2d||2d||2d|" --algo bm --from 72 -m comment --comment "sid:2017291; msg:ET TROJAN ATTACKER IRCBot - PRIVMSG Response - net command output; classtype:trojan-activity; rev:5; FWS:1.6.2;" -j LOG --log-ip-options --log-tcp-options --log-prefix "[3006] SID2017291 ESTAB " Upon removing this line, iptables-restore did it's job without complaining. Since this line was automagically generated by "fwsnort --update-rules ; fwsnort --ipt-sync", I wonder if it's worth a bug report. -- André N. Batista GNUPG/PGP KEY: 6722CF80
Attachment:
signature.asc
Description: This is a digitally signed message part