This is a simple script which works with iptables as a interactive firewall. IPS outline also required to create named pipe (/dev/ips) where Rsyslog server redirects interesting logs for you.
Unfortunately now full description available only in Polish language: http://grzesieklog.blogspot.com/2010/04/implementacja-systemu-aktywnego.html but in future I will writing here in english.