fwsnort - IPTables based Intrusion Detection with String Matching and Snort Rules

fwsnort parses the rules files included in the Snort intrusion detection system and builds an equivalent iptables ruleset for as many rules as possible. To detect application-level signatures, fwsnort uses the Netfilter string match module, together with a custom patch that adds a --hex-string option to the iptables user space code.

fwsnort accepts command-line arguments that restrict processing to a particular class of Snort rules, such as "ddos", "backdoor", or "web-attacks". Processing can also be restricted to a single Snort rule, identified by its "snort id" or "sid".
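
A simplified sketch of the translation described above, added here as an illustration and not fwsnort's own code: it maps a Snort rule's content option to an iptables string match, skips rules it cannot express, and can restrict output to one sid. The chain name SNORT_SIGS, the log-prefix format, the list of skipped options and the sample rules are assumptions; address variables such as $HOME_NET are ignored.

```python
import re

# Options this sketch does not translate; a rule that uses one is skipped.
# (Constructed list for illustration, not fwsnort's compatibility table.)
NOT_TRANSLATED = {"pcre", "byte_test", "byte_jump", "nocase", "offset", "depth"}

HEADER = re.compile(
    r"^\w+\s+(?P<proto>tcp|udp|icmp)\s+\S+\s+\S+\s+->\s+\S+\s+(?P<dport>\S+)"
    r"\s+\((?P<opts>.*)\)\s*$")
OPTION = re.compile(r'(\w+)\s*(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?\s*;')

# Constructed sample rules in Snort syntax (not taken from any real rule set).
SAMPLE_RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 '
    '(msg:"constructed sample A"; content:"/cgi-bin/sample.cgi"; sid:1000001;)',
    'alert udp any any -> any 53 '
    '(msg:"constructed sample B"; content:"|de ad be ef|"; sid:1000002;)',
    'alert tcp any any -> any 80 '
    '(msg:"constructed sample C"; content:"x"; pcre:"/a.*b/"; sid:1000003;)',
]

def to_iptables(rule, chain="SNORT_SIGS", only_sid=None):
    """Return an iptables argv list for one Snort rule, or None if skipped."""
    m = HEADER.match(rule.strip())
    if not m:
        return None
    opts = [(k, v.strip().strip('"')) for k, v in OPTION.findall(m["opts"])]
    contents = [v for k, v in opts if k == "content"]
    sid = dict(opts).get("sid", "0")
    if NOT_TRANSLATED & {k for k, _ in opts} or not contents:
        return None
    if any(c.startswith("!") for c in contents):  # negated match: skipped here
        return None
    if only_sid is not None and sid != str(only_sid):
        return None
    argv = ["iptables", "-A", chain, "-p", m["proto"]]
    if m["proto"] in ("tcp", "udp") and m["dport"].isdigit():
        argv += ["--dport", m["dport"]]
    for c in contents:
        # Snort marks raw bytes as |41 42|; --hex-string takes the same notation.
        flag = "--hex-string" if "|" in c else "--string"
        argv += ["-m", "string", flag, c, "--algo", "bm"]
    return argv + ["-j", "LOG", "--log-prefix", f"SID{sid} "]

if __name__ == "__main__":
    for r in SAMPLE_RULES:
        print(to_iptables(r))
```

The third sample rule returns None because it uses pcre, which mirrors the "as many rules as possible" limitation: only signatures expressible as plain string or byte matches carry over.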

