Fwsnort translates Snort rules into equivalent iptables rules and generates a shell script that implements the resulting iptables commands.

This allows network traffic that matches Snort signatures to be logged and/or dropped by iptables directly without putting any interface into promiscuous mode or queuing packets from kernel to user space.