Hi, I''m new to the list, but have been through the documentation, archives, etc. looking for more info... I''ve been using shorewall 1.3.14 for a few months now, has been working well from day one. I''m also using it with dshield (submitting logs and using the block list). I''m thinking of adding snort-inline to the mix (I run apache and postfix on the same box, would like to drop/report the bad guys :-). It relies upon the iptables ''QUEUE'' target, so I''ll need to add an iptables rule or two to plumb it in. Any advice on the ''best'' way to do this? I see from the archives that people are using snort with shorewall, anyone using snort-inline? Paul P.s. machine is a Celestix Taurus server appliance (mandrake-based distro, kernel 2.4.18)