HLBR - Hogwash Light BR, an layer 2 network IPS
hlbr -c config-file -r rules-file [-l logs-directory ] [-tndv]
HLBR is an IPS (Intrusion Prevention System) that can filter packets
directly in the layer 2 of the OSI model (so the machine doesn’t need
even an IP address). Detection of malicious/anomalous traffic is done
by rules based in signatures, and the user can add more rules. It is an
efficient and versatile IPS, and it can even be used as bridge to
honeypots and honeynets. Since it doesn’t make use of the operating
system’s TCP/IP stack, it can be "invisible" to network access and
HLBR is based in Jason Larsen’s Hogwash, available at
The options described here must be specified at the command line:
-t Parse rules and exit.
-n Process n packets and exit.
-d Enter Daemon Mode (Background Execution).
-v Print version and exit.
default configuration file.
default rules file.
empty rules file (for testing purposes).
The latest version of this program can be found at:
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2 of the License, or (at your
option) any later version.
To make or adjust HLBR rules, please see the README file (in Debian it
can be found into /usr/share/doc/hlbr/ ). You can use HLBRW to help
you to make new rules.
Andre Bertelli Araujo (arkanoid) <firstname.lastname@example.org> (project
Joao Eriberto Mota Filho (eriberto) <email@example.com> (project
Pedro Arthur P. R. Duarte (pedroarthur) <firstname.lastname@example.org>
Please see: http://hlbr.sourceforge.net/corner.html