diff -ur --exclude=configure --exclude=Makefile sprobe-0.3/Makefile.in sprobe-iptables-patch/Makefile.in --- sprobe-0.3/Makefile.in Thu Sep 6 22:35:11 2001 +++ sprobe-iptables-patch/Makefile.in Fri Mar 14 12:13:44 2003 @@ -42,8 +42,9 @@ CC = gcc OBJS = version.o $(SRC:.c=.o) INCLS = -I$(FWINC) -I. -I./libpcap -DEFS = -DRETSIGTYPE=void -DHAVE_SIGACTION=1 -CFLAGS = -Wall $(CCOPT) $(DEFS) $(INCLS) +DEFS = -DRETSIGTYPE=void -DHAVE_SIGACTION=1 @DEFS@ +CFLAGS = -Wall $(CCOPT) $(DEFS) $(INCLS) -DUSE_IPTABLES -DIPTABLES_BIN=\"/usr/local/sbin/iptables\" + LIBS = -lm ./libpcap/libpcap.a all: libpcap sprobe Only in sprobe-iptables-patch/: config.cache Only in sprobe-iptables-patch/: config.log Only in sprobe-iptables-patch/: config.status diff -ur --exclude=configure --exclude=Makefile sprobe-0.3/configure.in sprobe-iptables-patch/configure.in --- sprobe-0.3/configure.in Thu Sep 6 22:32:15 2001 +++ sprobe-iptables-patch/configure.in Fri Feb 28 09:59:50 2003 @@ -22,10 +22,9 @@ ostype=0; FWINC=""; -AC_TRY_CPP([#include ], ostype=linux) -if test $ostype = 0; then -AC_TRY_CPP([#include ], ostype=bsd) -fi +AC_CHECK_HEADERS(linux/netfilter_ipv4/ipchains_core.h, ostype=linux) +AC_CHECK_HEADERS(linux/ip_fw.h, ostype=linux) +AC_CHECK_HEADERS(netinet/ip_fw.h, ostype=bsd) if test $ostype = 0; then AC_MSG_RESULT([The ip_fw.h is not included in the standard include path.]) diff -ur --exclude=configure --exclude=Makefile sprobe-0.3/sprobe.c sprobe-iptables-patch/sprobe.c --- sprobe-0.3/sprobe.c Mon Sep 10 23:09:52 2001 +++ sprobe-iptables-patch/sprobe.c Fri Mar 14 12:27:06 2003 @@ -55,7 +55,7 @@ * 21-Dec-98 Stefan Savage (savage) at the University of Washington * Created. */ - +#include #include #include #include @@ -73,7 +73,11 @@ struct udphdr {char x[20];}; struct icmphdr {char x[20];}; #include +#ifdef HAVE_LINUX_NETFILTER_IPV4_IPCHAINS_CORE_H +#include +#else #include +#endif #endif /* linux */ #include #include 
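Review bot: `-DUSE_IPTABLES` and `-DIPTABLES_BIN=\"/usr/local/sbin/iptables\"` are appended to `CFLAGS` unconditionally, so every build takes the iptables branches in sprobe.c, not just Linux hosts that have iptables. On a non-Linux build the cleanup path would reference `ipt_rem_rule`, which sprobe.c declares only under `#ifdef linux`. The binary path is later passed to `system()` by a tool that presumably runs as root, so it should be detected by configure and substituted here rather than fixed to one location, for example `AC_PATH_PROG(IPTABLES, iptables, no, [/sbin:/usr/sbin:/usr/local/sbin])` in configure.in and `-DIPTABLES_BIN=\"@IPTABLES@\"` in this line. Adding the defines only when that probe succeeds would keep the ipchains and BSD builds working.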
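Review bot: The three `AC_CHECK_HEADERS` calls run unconditionally, so a later match overwrites `ostype`: a host that provides a Linux header and also `netinet/ip_fw.h` ends up as `bsd`, whereas the removed code only tried the second header when `ostype` was still 0. Keep that guard around the BSD probe, `if test $ostype = 0; then AC_CHECK_HEADERS(netinet/ip_fw.h, ostype=bsd); fi`. None of the checks looks for iptables itself, so an iptables-only host presumably still falls through to the "ip_fw.h is not included" message even though the patch is meant to support it.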
@@ -89,6 +93,8 @@ #define DEFAULT_PACKETSIZE (1460) #define DEFAULT_TRAINLENGTH (6) +extern int errno; + char *defaultRequest; char defaultRequestFormat[]="GET %s HTTP/1.0\nAccept: text/plain\nAccept: */*\nUser-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; Sting)\n\n"; @@ -135,9 +141,17 @@ struct ip_fw firewallRule; #endif /* __FreeBSD__ */ #ifdef linux +#ifndef USE_IPTABLES struct ip_fwchange firewallRule; +#else +/* For storing the exec string to iptables */ +char ipt_add_rule[1024]; +char ipt_rem_rule[1024]; +#endif #endif /* linux */ + + /* * Send three resets to the receiver to cleanup its state. */ @@ -174,6 +188,7 @@ /* If a firewall rule has been installed then remove it */ +#ifndef USE_IPTABLES if (initFirewall > 0) { #ifdef linux #define IP_FW_DEL (IP_FW_DELETE) @@ -183,7 +198,9 @@ printf("ERROR: couldn't remove firewall rule\n"); } } - +#else + system(ipt_rem_rule); +#endif if (initCapture > 0) { CaptureEnd(); } @@ -204,7 +221,7 @@ printf("usage:\n%s:",progName); printf("\t [-p target-port] [-c count] [-s data-size]\n"); printf("\t [-w source-port] [-v] [-t train-length]\n"); - printf("\t [-d] [-h] [-g]\n"); + printf("\t [-d] [-h] [-g] host\n"); Quit(); } @@ -315,9 +332,9 @@ * I wish that everyone would get their act together and support * ONE firewall API... imagine that. */ - +#ifndef USE_IPTABLES memset(&firewallRule, 0, sizeof(firewallRule)); - +#endif #ifdef __FreeBSD__ firewallRule.fw_flg |= IP_FW_F_DENY | IP_FW_F_IN; firewallRule.fw_prot = IPPROTO_TCP; @@ -337,7 +354,8 @@ } #endif /* __FreeBSD__ */ #ifdef linux - memcpy(firewallRule.fwc_label, IP_FW_LABEL_INPUT, +#ifndef USE_IPTABLES + memcpy(firewallRule.fwc_label, IP_FW_LABEL_INPUT, sizeof(firewallRule.fwc_label)); memcpy(firewallRule.fwc_rule.label, IP_FW_LABEL_BLOCK, sizeof(firewallRule.fwc_label)); 
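Review bot: `extern int errno;` should be dropped in favour of the declaration from `<errno.h>`. On current C libraries errno is a macro (typically thread-local), and a hand-written `extern int` declaration can fail to compile or name a different object than the one the library sets. The header name in the `#include` added at the top of sprobe.c is not visible on this page, so confirm that it is `<errno.h>`.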
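Review bot: In the cleanup hunk (`@@ -183`), `system(ipt_rem_rule);` runs on every pass through this path, because the `initFirewall > 0` guard exists only in the `#ifndef USE_IPTABLES` branch opened in the previous hunk; before a rule is installed the buffer is empty and the shell is started for nothing. The return value is ignored, so a failed delete leaves the filter rule behind without any message; suggest `if (initFirewall > 0 && system(ipt_rem_rule) != 0) printf("ERROR: couldn't remove firewall rule\n");`. Since the tool presumably runs as root, `fork()`/`execv()` with an explicit argv would avoid handing the command to `/bin/sh` with the caller's environment. The enclosing function starts outside these hunks, so whether it can be reached from a signal handler (where `system()` is not safe to call) needs checking in the full file.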
@@ -356,8 +374,46 @@ &firewallRule,sizeof(firewallRule)) != 0) { printf("ERROR: couldn't block kernel TCP for %s:%d\n", InetAddress(s->dst), s->dport); + switch(errno) { + case EBADF: + fprintf(stderr,"Bad file descriptor!\n"); + break; + case ENOTSOCK: + fprintf(stderr, "Not a socket\n"); + break; + case ENOPROTOOPT: + fprintf(stderr, "Option unknown\n"); + break; + case EFAULT: + fprintf(stderr, "Not valid part of address space\n"); + break; + default: + fprintf(stderr, "Errno=%d\n", errno); + break; + } + fflush(stderr); Quit(); - } + } +#else + { + struct in_addr S,D; + char src[40],dst[40]; + S.s_addr = s->src; + D.s_addr = s->dst; + memmove(src,inet_ntoa(S),40); + memmove(dst,inet_ntoa(D),40); + snprintf(ipt_add_rule,sizeof(ipt_add_rule) - 1, + "%s -I INPUT -p tcp -s %s -d %s --dport %d --sport %d\n", + IPTABLES_BIN, src, dst, + s->dport, s->sport); + snprintf(ipt_rem_rule,sizeof(ipt_add_rule) - 1, + "%s -D INPUT -p tcp -s %s -d %s --dport %d --sport %d\n", + IPTABLES_BIN, src, dst, + s->dport, s->sport); + + system(ipt_add_rule); + } +#endif /* USE_IPTABLES */ #endif /* linux */ initFirewall=1; }
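Review bot: `memmove(src,inet_ntoa(S),40)` and the matching `dst` copy read 40 bytes from inet_ntoa()'s static result, which holds only a short dotted-quad string, so both copies read past the end of that buffer; copy the string with `snprintf(src, sizeof(src), "%s", inet_ntoa(S))` instead. The command built next has no `-j` target, so as written the rule would match packets without dropping them, and the result of `system(ipt_add_rule)` is ignored while `initFirewall=1` is still set, leaving the probe to run with kernel TCP unblocked if iptables fails. `ipt_rem_rule` is also bounded with `sizeof(ipt_add_rule) - 1`; each buffer should use its own `sizeof`, and snprintf needs no `- 1`. In the ipchains branch above, `switch(errno)` runs after `printf`, which may overwrite errno, so save it in a local right after the failing call. The enclosing function starts outside this hunk; `-j DROP` in the sketch below is an assumption based on the "block kernel TCP" message.

```c
        /* … unchanged: S/D declarations and s_addr assignments, src[40]/dst[40] … */
        /* inet_ntoa() returns a short static string: copy it as a string */
        snprintf(src, sizeof(src), "%s", inet_ntoa(S));
        snprintf(dst, sizeof(dst), "%s", inet_ntoa(D));
        snprintf(ipt_add_rule, sizeof(ipt_add_rule),
                 "%s -I INPUT -p tcp -s %s -d %s --dport %d --sport %d -j DROP\n",
                 IPTABLES_BIN, src, dst, s->dport, s->sport);
        snprintf(ipt_rem_rule, sizeof(ipt_rem_rule),
                 "%s -D INPUT -p tcp -s %s -d %s --dport %d --sport %d -j DROP\n",
                 IPTABLES_BIN, src, dst, s->dport, s->sport);
        /* do not report the firewall as installed when the command failed */
        if (system(ipt_add_rule) != 0) {
            printf("ERROR: couldn't block kernel TCP for %s:%d\n",
                   InetAddress(s->dst), s->dport);
            Quit();
        }
```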