Firewall & Port knocking
fwsnort - iptables Intrusion Detection with String Matching and Snort Rules fwsnort parses the rules files included in the SNORT ® intrusion detection system and builds an equivalent iptables ruleset for as many rules as possible. fwsnort utilizes the iptables string match module (together with a custom patch that adds a --hex-string option to the iptables user space code which is now integrated with iptables) to detect application level attacks. fwsnort accepts command line arguments to restrict processing to any particular class of snort rules such as "ddos", "backdoor", or "web-attacks". Processing can even be restricted to a specific snort rule as identified by its "snort id" or "sid". fwsnort makes use of the IPTables::Parse module to translate snort rules for which matching traffic could potentially be passed through the existing iptables ruleset.
NuFW Project Homepage
netfilter/iptables project homepage - The netfilter.org project