From: phpMiX \(snort\) <sn...@ph...> - 2004-12-31 09:55:16
After the latest PHP/phpBB-related worms I would like to use snort-inline to prevent problems in the future. I believe this is a must these days. And snort-inline is great, from what I've been reading (a lot, I think). I'm running RHEL 3 and I've been using APF and BFD (www.rfxnetworks.com). I've also been using Snort in IDS mode with ACID for some time now.

Now, I've been able to install the kernel-source package, iptables-devel, libnet 1.0.2a and snort 2.3.0RC2 compiled with the --enable-inline option. Tested, and it works! However, it is still running in IDS mode. I downloaded the rc.firewall script from honeynet.org and I've been trying to understand how I need to change it to suit my needs. I do not need to do NAT or act as a bridge. My computer is connected to just one interface (eth0), the net. Also, I still need to use APF, since it's easier to customize than iptables. TBH, I feel somehow lost when trying to figure out iptables seriously. Probably I need to set up the ip_queue chains to allow snort-inline to do its own job, but I also need to keep all the iptables settings APF builds when it's started. ...or maybe I can't use APF+BFD anymore when using snort-inline?

Please, can anyone help me? Thanks a lot in advance ...and happy new year! :-)
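One way to handle the iptables side of the question above, as an added example that is not part of the original post and is not code from the snort-inline, APF or honeynet projects: a small rc-style script that sends only the services you want inspected (web traffic, in the worm scenario described) to the QUEUE target that snort-inline reads from, while leaving the rules APF builds untouched. It does this by putting the QUEUE rules in a chain of its own and inserting a jump to that chain at position 1 of INPUT and OUTPUT, so everything APF installed stays behind it. The chain name SNORT_INLINE, the port list, the /sbin/iptables path and the `snort -Q` invocation in the usage note are this example's own assumptions, not anything stated in the post.

```shell
#!/bin/sh
# Added example, not from the original post or from snort-inline/APF.
# Hand selected TCP services to snort-inline through the iptables QUEUE
# target without disturbing the rules APF has already installed.
#
# Assumptions (our own, not from the post): iptables at /sbin/iptables,
# chain name SNORT_INLINE, and the ports listed in PORTS.

IPTABLES=${IPTABLES:-/sbin/iptables}   # set IPTABLES=echo for a dry run
CHAIN=${CHAIN:-SNORT_INLINE}
PORTS=${PORTS:-"80 443"}               # services snort-inline should see

# Print the iptables arguments, one rule per line, in the order they must run.
snort_inline_rules() {
    echo "-N $CHAIN"
    for p in $PORTS; do
        # Inbound requests to the service...
        echo "-A $CHAIN -p tcp --dport $p -j QUEUE"
        # ...and the replies, so snort's stream reassembly sees both sides.
        echo "-A $CHAIN -p tcp --sport $p -j QUEUE"
    done
    # Position 1 puts the jump ahead of whatever APF put in INPUT/OUTPUT,
    # and APF's own rules are left exactly as they were.
    echo "-I INPUT 1 -j $CHAIN"
    echo "-I OUTPUT 1 -j $CHAIN"
}

# Commands that undo snort_inline_rules, in the order they must run.
snort_inline_unrules() {
    echo "-D INPUT -j $CHAIN"
    echo "-D OUTPUT -j $CHAIN"
    echo "-F $CHAIN"
    echo "-X $CHAIN"
}

# Feed each line on stdin to $IPTABLES; stop at the first failure so a
# half-installed chain does not go unnoticed.
apply_rules() {
    while read -r rule; do
        # Word splitting of $rule into separate arguments is intended.
        $IPTABLES $rule || return 1
    done
}

snort_inline_apply()  { snort_inline_rules   | apply_rules; }
snort_inline_remove() { snort_inline_unrules | apply_rules; }

# Minimal rc-style interface: ./snort-inline-rules.sh start|stop
case "${1:-}" in
    start) snort_inline_apply ;;
    stop)  snort_inline_remove ;;
esac
```

Two things worth knowing before running it on a live box. First, the QUEUE target only works while something is attached to ip_queue: load the module and start the inline build of snort (on the 2.3 inline build, `snort -Q -c snort.conf` selects inline mode) before applying the rules, because queued packets with no userspace reader are dropped, which means a crashed or stopped snort-inline takes the web server offline rather than failing open. Second, APF rebuilds its ruleset when it is restarted, so this script has to be run again after `apf -r`, not just at boot; running `IPTABLES=echo ./snort-inline-rules.sh start` first shows exactly what would be inserted.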