fwsnort translates snort rules into iptables rules.
By making use of the iptables string match module, fwsnort can detect application layer signatures which exist in many snort rules. fwsnort adds a --hex-string option to iptables, which allows snort rules that contain hex characters to be input directly into iptables rulesets without modification. In addition, fwsnort makes use of the IPTables::Parse Perl module in order to (optionally) restrict the snort rule translation to only those rules that specify traffic that could potentially be allowed through an existing iptables policy.
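The translation described above, sketched as an added example in Python; it is not fwsnort's own code (fwsnort is written in Perl) and it is narrowed to rules with a single content option. The chain name SIG_FORWARD, the LOG target with its prefix format, and the sample rules are assumptions made for illustration.

```python
import re
import shlex

# Simplified Snort rule grammar: header, then ';'-terminated options in parentheses.
HEADER = re.compile(
    r'^(\w+)\s+(tcp|udp)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$')
OPTION = re.compile(r'(\w+)\s*(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')

def snort_to_iptables(rule, chain="SIG_FORWARD"):  # chain name is hypothetical
    """Return iptables argv for a single-content rule, or None if not expressible."""
    m = HEADER.match(rule.strip())
    if not m:                      # e.g. icmp/ip rules: no port-based header here
        return None
    _action, proto, _src, _sport, _dst, dport, body = m.groups()
    opts = [(k, v.strip()) for k, v in OPTION.findall(body)]
    keys = [k for k, _ in opts]
    contents = [v for k, v in opts if k == "content"]
    # The string match does fixed-pattern search only: skip pcre, negated
    # content, and (in this narrowed example) rules with several contents.
    if len(contents) != 1 or "pcre" in keys or not contents[0].startswith('"'):
        return None
    pattern = contents[0][1:-1]
    args = ["iptables", "-A", chain, "-p", proto]
    if dport.isdigit():            # "any" and $VARS are left unrestricted
        args += ["--dport", dport]
    # Snort's |..| hex notation is passed through unchanged to --hex-string.
    flag = "--hex-string" if "|" in pattern else "--string"
    args += ["-m", "string", flag, pattern, "--algo", "bm"]
    if "nocase" in keys:
        args.append("--icase")
    sid = dict(opts).get("sid", "0")
    # Logging target and prefix format are assumptions of this example.
    return args + ["-j", "LOG", "--log-prefix", f"SID{sid} "]

def render(args):
    """Shell-quoted command line, or a comment for rules that were skipped."""
    return shlex.join(args) if args else "# skipped: not expressible as a string match"

# Constructed sample rules (not taken from any real ruleset).
SAMPLES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed NOP sled"; content:"|90 90 90 90|"; sid:1000001;)',
    'alert tcp any any -> any 21 (msg:"constructed FTP cmd"; content:"SITE EXEC"; nocase; sid:1000002;)',
    r'alert tcp any any -> any 80 (msg:"constructed regex rule"; content:"GET"; pcre:"/\/admin\d+/"; sid:1000003;)',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(render(snort_to_iptables(sample)))
```

The third sample is skipped because a pcre option has no equivalent in the string match module, which is why only part of a snort ruleset can be carried over this way.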