I have just started getting into network security, firewalls, etc. So, please excuse me for asking this basic question.
I looked at iptables and got a good hang of it (nowhere close to becoming an expert), but I understand the packet flow, hooks and, to some extent, the libnetfilter_queue library now. I just started looking at Snort and thought that I could do most of Snort with iptables (worst case with some libnetfilter_queue C add-ons).
Is my observation correct?