I ditched pfSense, not sure why but it was just rubbish.
Anyway, got an arch linux server setup with iptables and snort, snort is all taken care of and is working via nfq and afpacket DAQs in inline mode...
What I'd like to do, however, is use iptables to block some IPs and ports, before allowing the rest of the data to pass on through to snort and then out another ethernet interface to the server(s).
Only problem is, it requires NAT, and me, iptables and the FORWARD/NAT chain don't seem to get on, I've no idea how to go about doing it . Looked around the net and came across various examples, but they're all rubbish quite frankly and require you have internal IPs and specify them directly, etc. whereas I want this server to just drop bad traffic and forward it out another interface, so the servers can still use public IPs.
So I'm quite literally stuck and haven't got a CLUE how to do this, any ideas?