just a quick note: if you run snort in inline mode and it just seems to drop all traffic silently - did you run a 'make clean' before 'make' in the snort directory after reconfiguring it with --enable-inline? this cost me 4 hours. additionally, i have to enable debug (still very quiet) using --enable-debug (though i guess that has to do with optimisation settings) to get the clamav preprocessor to work.

notable other link: oinkmaster keeps your rules updated, allowing you to replace the "targets" of rules specified by either SID or regex from "alert" to "drop" (for example). this is very handy for the inline mode.

on other news, mythtv 0.19 seems to be getting closer - though the new libmythUI was postponed 'til 0.20.