snort_inline is basically a modified version of Snort. It accepts packets from iptables, via libipq, instead of libpcap. It then uses new rule types to tell iptables if the packet should be dropped or allowed to pass based on the snort rule set.[talisker]check out http://www.honeynet.org/tools/- [Modifications to Snort that can block or modify attacks based on matching signatures. Works with rc.firewall script to inspect, then act upon, inbound and outbound packets. Based on Snort 2.0.]