With fwsnort installed on a system that offers string-match support in the kernel, we can now put fwsnort to work for us. Without further ado, we fire up fwsnort from the command line. Normally, fwsnort is executed as root because by default it queries iptables in order to determine which extensions are available in the running kernel, and then it tailors the translation process accordingly^[59] (some output below is abbreviated):

 [iptablesfw]# fwsnort Snort Rules File Success Fail Ipt_apply Total [+] attack-responses.rules 15 2 0 17 [+] backdoor.rules 62 7 1 69 [+] bad-traffic.rules 10 3 0 13 [+] bleeding-all.rules 1076 573 5 1649 [+] exploit.rules 31 43 0 74 [+] web-cgi.rules 286 62 0 348 [+] web-client.rules 7 10 0 17 [+] web-coldfusion.rules ...