Snort-to-iptables rule translator

 Fwsnort translates Snort rules into equivalent iptables rules and
 generates a shell script that implements the resulting iptables
 commands.
 .
 This allows network traffic that matches Snort signatures to be logged
 and/or dropped by iptables directly without putting any interface into
 promiscuous mode or queuing packets from kernel to user space.