HLBR is an IPS (Intrusion Prevention System) that can filter packets directly in the layer 2 of the OSI model (so the machine doesn't need even an IP address). Detection of malicious/anomalous traffic is done by rules based in signatures, and the user can add more rules. It is an efficient and versatile IPS, and it can even be used as bridge to honeypots and honeynets. Since it doesn't make use of the operating system's TCP/IP stack, it can be "invisible" to network access and attackers.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published
by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
HLBR RULES
To make or adjust HLBR rules, please see the README file (in Debian it can be found into
/usr/share/doc/hlbr/
).
You can use HLBRW to help you to make new rules.