Please Note.
	
	This software, v0.2.0, has not been extensively tested.  It is
being made available for those that wish to try it out, but its results
should NOT be trusted.

	The enclosed iptables-rules file is a sample run from a snort
ruleset where all rules have been uncommented.  snort2iptables is able
to convert 1330 of 1451 rules (~92%), with some caveats (nocase, depth,
and offset are ignored).  Rules which cannot be faithfully converted are
left commented in the iptables-rules file, with the reason following
"Cannot convert: " on the line.

	Preprocessors and classifications are ignored.

	This script is designed to convert a snort ruleset to iptables
rules. Since it can recurse into included files, simply give it the
top-level ruleset, such as /etc/snort/snort.conf .  It can also parse
individual rulefiles.
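	As an added illustration (this is not the snort2iptables script itself), the Python sketch below converts single Snort rules in the way described above: tcp/udp/icmp "alert ... ->" rules become iptables string-match rules, nocase/depth/offset are dropped, and anything it cannot handle comes out as a "# Cannot convert: <reason>" line.  The modern "-m string --algo bm" syntax, the INPUT chain, the untested $HOME_NET/$EXTERNAL_NET variables and the list of refused options are assumptions of this sketch, not taken from the script.

```python
import re
import shlex

# Option keywords treated as having no iptables equivalent here (assumption).
UNSUPPORTED = {"pcre", "uricontent", "byte_test", "byte_jump", "flowbits"}
HEADER = re.compile(r"^(alert|log|pass)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)"
                    r"\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$")
OPTION = re.compile(r'(\w+)(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?\s*;')
PORT = re.compile(r"^\d+(:\d+)?$")

def convert(rule, log=False, target=None):
    """Return iptables lines for one Snort rule, or one '# Cannot convert:' line."""
    m = HEADER.match(rule.strip())
    if not m:
        return ["# Cannot convert: unparsable header: " + rule.strip()]
    action, proto, _src, sport, direction, _dst, dport, body = m.groups()
    if action != "alert" or direction != "->":
        return ["# Cannot convert: only 'alert ... ->' rules are handled"]
    if proto not in ("tcp", "udp", "icmp"):
        return ["# Cannot convert: protocol " + proto]
    # $HOME_NET/$EXTERNAL_NET are not tested; every rule lands in INPUT.
    base = ["iptables", "-A", "INPUT", "-p", proto]
    for flag, port in (("--sport", sport), ("--dport", dport)):
        if port != "any":
            if not PORT.match(port):
                return ["# Cannot convert: port spec " + port]
            base += [flag, port]
    msg = ""
    for name, val in OPTION.findall(body):
        if name in UNSUPPORTED:
            return ["# Cannot convert: " + name]
        if name == "msg":
            msg = val.strip('"')
        elif name == "content":
            # nocase/depth/offset are dropped, so the match is case-sensitive
            # and runs over the whole packet, not the window Snort would use.
            negate = val.startswith("!")
            pat = val.lstrip("!").strip('"')
            opt = "--hex-string" if "|" in pat else "--string"  # |00 01| form
            base += ["-m", "string"] + (["!"] if negate else [])
            base += [opt, pat, "--algo", "bm"]
        # any other option (nocase, depth, offset, sid, flow, ...) is ignored
    out = []
    if log:  # LOG does not terminate, so it goes before the DROP/REJECT rule
        out.append(base + ["-j", "LOG", "--log-prefix", msg[:29]])
    if target:  # "DROP" or "REJECT"; with neither log nor target: no output
        out.append(base + ["-j", target])
    return [" ".join(shlex.quote(p) for p in line) for line in out]
```

	Because nocase is dropped, a case variant of the content passes the generated iptables rule while Snort would still alert on it; the --log-prefix is also cut to the 29 characters iptables accepts.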

Usage:
	/usr/src/snort2iptables-0.2.0/snort2iptables  [--log] [--drop|--reject] SnortRuleFile [SnortRuleFile...]
Example:
	/usr/src/snort2iptables-0.2.0/snort2iptables  --log /etc/snort/snort.conf  >iptables.cvs.20020427.v0.2.0

	You should pick at least one of --log, --drop, or --reject to get any
output. --log can be mixed with --drop or --reject.  Please note that --drop
may lead to lots of open connections; if you use one of --drop or --reject,
--reject is recommended.

	One final note: because the uncompressed versions of these files
may have attack signatures in them, I suggest downloading the compressed
versions (the .gz files) and decompressing them so as not to set off
snort or have the connection killed by a previous version of the
iptables rules in effect.

	Those interested in a more faithful implementation of the Snort
ruleset in an iptables environment should take a look at Allen Francom's
hogwash-iptables at http://tempest.prismnet.com/~aef/ .

	- William Stearns 05/02/2002