Comment 5 for bug 466

Snort has moved on since this thread was opened.

Oinkmaster (already packaged and available under Ubuntu (server 7.04)) provides signature updates for Snort that are also used by Snort-inline. As per John's message these can be free-registered to get 7 day-old bundles.
  Ala - Linux Gazette circa 2005;
    http://linuxgazette.net/118/savage.html

Snort-inline has picked up a stream4 reassembler, so it runs as Snort did.
  Ala Snort manual - item 2.1.3 Stream4;
    http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/node11.html#SECTION00313000000000000000

For Snort-inline to run, there are two libraries required that are not shipped in Ubuntu (server 7.04), these are libipq and libNet.

Using libnetfilter_queue, a symlink from /lib/libipq.so -> /lib/libnetfilter_queue_libipq.so lets the Snort configure run fine. Was libipq the depreciated library John referred to? The active libnetfilter_queue project can be found here;
  ftp://ftp.netfilter.org/pub/libnetfilter_queue/

The libNet page has been updated in 2007, but it's tgz archive contains files that are only as recent as 2004 (was libNet the depreciated library John referred to?) I haven't compiled up a libNet, but it can be found here;
  http://www.packetfactory.net/projects/libnet/

Snort-inline seems like a good opportunity to get some self-defending servers (at least, if not desktops) out there. Out-of-the-box Ubuntu installs could be oinkmaster'd up to at least download the "full release" updates (free and no registration). While not current, it would still be updated at sporadic intervals. In a default configuration snort-inline would prevent both in and outbound signature-recognised attacks (i.e. no Ubuntu desktop script kiddies).

Setting aside an enabled snort-inline; For the sake of two libraries, I can't see why snort-inline isn't at least made available to the Ubuntu community - even if the two libraries were just dependencies on the Snort package.