WARNING: This is only a prototype! If you feed it with big dumps, it might consume all your memory and never come to an end.

How to use the rulegen:
python rulegen.py dump

You can configure it via the rulegen.cfg.

You need dpkt [1], ipaddr [2] and python2.6 or greater, but not python3.x
You can find ebuilds for ipaddr and rulegen in the overlay folder.
dpkt is already in the tree.

You can feed it with dumps from any network-interface including pflog-dumps.

For a short introduction see http://coupleprogramming.eu/blog/?p=219

[1] http://code.google.com/p/dpkt/
[2] http://code.google.com/p/ipaddr-py/