diff --git a/net-analyzer/snortsam/Manifest b/net-analyzer/snortsam/Manifest
index 7ca9614..558538f 100644
--- a/net-analyzer/snortsam/Manifest
+++ b/net-analyzer/snortsam/Manifest
@@ -1,4 +1,4 @@
-AUX snortsam-2.70-redirect.patch 21776 RMD160 624bbde2c6802416d2faf3c9d6b89caf1d8b8935 SHA1 09a0ea5b9602162845ea08bff2726b282ea465f2 SHA256 492e7b054c432d99d95c4c89d08a843d0d269e48004440959e3a5a81d4b37759
+AUX snortsam-2.70-redirect.patch 22221 RMD160 b5b5016c5817fb2c227764c0fe50049c95334f76 SHA1 d53afb3154b17489c945cffd06ddc72a4b32f761 SHA256 706bc4524a5818c5b0248fea4fb912618aec186b087915ab53c3ea0ab848e3a8
 DIST snortsam-2.50-ciscoacl.diff.bz2 7295 RMD160 91d36fecc3fcf14de5ed964928d69ef3cc167bae SHA1 c887162193df59bff2f3fb2fe0ae0aec253314ce SHA256 a4f39789e9f10b95e6db1bbce5f9d26f7393161311f5c955a4b8380186a2cb6b
 DIST snortsam-src-2.70.tar.gz 1971624 RMD160 336b0c701754d0688e2ebc967cfdbb3f9bc2fe32 SHA1 9cc7f9aad927217fbda75de038d0489b8e5f3a9e SHA256 442040a7281a641008f6410b7f6528d709f17d5041fd3752011075f8a38d19bc
 EBUILD snortsam-2.70-r9999.ebuild 1598 RMD160 9b1d28cb4ee1865c2f6f166903824f6fff91e08b SHA1 57f138c4d7868f7bea169e1f0317f657a784325a SHA256 bfafe9ab2046e19abcfcf8d8a676e5dd264e9f0f6fad277ec4ba5bfd47238759
diff --git a/net-analyzer/snortsam/files/snortsam-2.70-redirect.patch b/net-analyzer/snortsam/files/snortsam-2.70-redirect.patch
index dff8147..4cc3a7e 100644
--- a/net-analyzer/snortsam/files/snortsam-2.70-redirect.patch
+++ b/net-analyzer/snortsam/files/snortsam-2.70-redirect.patch
@@ -84,8 +84,8 @@ diff -ur snortsam-2.7.0-orig/src/snortsam.h snortsam/src/snortsam.h
  void clearhistory(void);
 diff -ur snortsam-2.7.0-orig/src/ssp_iptables.c snortsam/src/ssp_iptables.c
 --- snortsam-2.7.0-orig/src/ssp_iptables.c	2012-05-20 20:59:46.275601000 +0400
-+++ snortsam/src/ssp_iptables.c	2012-06-15 19:58:38.620383000 +0400
-@@ -123,204 +123,214 @@
++++ snortsam/src/ssp_iptables.c	2012-06-16 16:53:06.430453000 +0400
+@@ -123,204 +123,227 @@
  	printf("Debug: [iptables][%lx] Plugin Blocking...\n",threadid);
  #endif
  
@@ -380,6 +380,7 @@ diff -ur snortsam-2.7.0-orig/src/ssp_iptables.c snortsam/src/ssp_iptables.c
 +	{
 +	  snprintf(msg,sizeof(msg)-1,"Info: UnBlocking ip %s", inettoa(bd->blockip));
 +	  logmessage(1,msg,"iptables",0);
++
 +switch(bd->mode&FWSAM_HOW)
 +	{	case FWSAM_HOW_IN:	
 +          /* Assemble command */
@@ -416,9 +417,17 @@ diff -ur snortsam-2.7.0-orig/src/ssp_iptables.c snortsam/src/ssp_iptables.c
 +	    }
 +		break;
 +		case FWSAM_HOW_INOUT:	
++{
++	  char* cmdstr_fwd;
++	  char cmdstr_fwd_unredirect[]="/sbin/iptables -t mangle -D PREROUTING -i %s  -s %s -j MARK --set-mark 255";
++	  char cmdstr_fwd_unblock[]="/sbin/iptables -D FORWARD -i %s  -s %s -j DROP";
++	  if (bd->type==FWSAM_STATUS_BLOCK)
++		cmdstr_fwd=cmdstr_fwd_unblock;
++	  else
++		cmdstr_fwd=cmdstr_fwd_unredirect;
 +	  /* Assemble command - block src*/
 +		if ((snprintf(iptcmd,sizeof(iptcmd)-1,
-+		"/sbin/iptables -D FORWARD -i %s  -s %s -j DROP",
++		cmdstr_fwd,
 + 		iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) || (snprintf(iptcmd1,sizeof(iptcmd1)-1,
 +		"/sbin/iptables -D FORWARD -i %s  -d %s -j DROP",
 + 		iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd1))) {
@@ -426,6 +435,7 @@ diff -ur snortsam-2.7.0-orig/src/ssp_iptables.c snortsam/src/ssp_iptables.c
 +                logmessage(1,msg,"iptables",0);
 +		return;
 +          }
++	      if (bd->type==FWSAM_STATUS_BLOCK)
 +		if ((snprintf(iptcmd2,sizeof(iptcmd2)-1,
 +		"/sbin/iptables -D INPUT -i %s  -s %s -j DROP",
 + 		iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) || (snprintf(iptcmd4,sizeof(iptcmd4)-1,
@@ -435,6 +445,7 @@ diff -ur snortsam-2.7.0-orig/src/ssp_iptables.c snortsam/src/ssp_iptables.c
 +                logmessage(1,msg,"iptables",0);
 +		return;
 +          }
++}
 +		  break;
 +		  case FWSAM_HOW_THIS:	
 +	  /* Assemble command */
@@ -467,7 +478,8 @@ diff -ur snortsam-2.7.0-orig/src/ssp_iptables.c snortsam/src/ssp_iptables.c
 +                snprintf(msg,sizeof(msg)-1,"Info: Command %s Executed Successfully", iptcmd);
 +                logmessage(3,msg,"iptables",0);
 +	}
-+        if (system(iptcmd2) != 0) { 
++        if (bd->type==FWSAM_STATUS_BLOCK)
++          if (system(iptcmd2) != 0) { 
 +		snprintf(msg,sizeof(msg)-1,"Error: Command2 %s Failed", iptcmd2);
 +		logmessage(1,msg,"iptables",0);
 +	} else {
@@ -485,6 +497,7 @@ diff -ur snortsam-2.7.0-orig/src/ssp_iptables.c snortsam/src/ssp_iptables.c
 +					snprintf(msg,sizeof(msg)-1,"Info: Command %s Executed Successfully", iptcmd1);
 +					logmessage(3,msg,"iptables",0);
 +		}
++                      if (bd->type==FWSAM_STATUS_BLOCK)
 +			if (system(iptcmd4) != 0) { 
 +			snprintf(msg,sizeof(msg)-1,"Error: Command2 %s Failed", iptcmd4);
 +			logmessage(1,msg,"iptables",0);