
Using pound.cfg to block web attacks, bad useragents, hackers, rootkits...
FX <gentoo(at)sbcglobal.net>
2005-11-10 09:48:01 [ FULL ]
I found a security resource that can be utilized by pound users.  These 
rules are for mod_security but some of them can be converted over to 
pound.cfg syntax.

Web Application protection rules
http://www.gotroot.com/downloads/ftp/mod_security/rules.conf

Bad UserAgents blocking rules
http://www.gotroot.com/downloads/ftp/mod_security/useragents.conf

Compromised/Hacker boxes blacklist
http://www.gotroot.com/downloads/ftp/mod_security/blacklist2.conf

Signatures to block known rootkits, worms, etc.
http://www.gotroot.com/downloads/ftp/mod_security/rootkits.conf

It might be nice to bundle a handful of the converted security rules in 
the pound.cfg (even if they are commented out).

Someone can probably write a script to convert the standalone rules to 
pound.cfg format.  Not sure if the chained rules can be converted.  Any 
volunteers?  :)

For more info:
http://www.gotroot.com/mod_security+rules

Re: [Pound Mailing List] Using pound.cfg to block web attacks, bad useragents, hackers, rootkits...
Sam Johnston <samjie(at)gmail.com>
2005-11-10 18:32:56 [ FULL ]
> It might be nice to bundle a handful of the converted security rules in[...]

except for this little chestnut:

# Commercial redistribution prohibited.

 - samj

Re: [Pound Mailing List] Using pound.cfg to block web attacks, bad useragents, hackers, rootkits...
FX <gentoo(at)sbcglobal.net>
2005-11-11 01:26:11 [ FULL ]
Sam Johnston wrote:
[...][...]

I'm wondering if the above can possibly apply to *converted* 
rules--especially the rules that originally appeared in other projects 
like snort.

snort rules => mod_security rules => pound rules

IANAL, but it seems unlikely that a regex expression that detects 
something like "../.." in a URL can be copyrighted if it appeared in 
other projects and the line of config/code utilizing said regex is 
different.

But just to be safe, maybe it's better to bundle several perl scripts 
instead of pre-converted rules.  For example, mod_security bundles perl 
scripts that convert rules from snort, clamav, and nessus--since the 
most relevant rules are posted online, we only need a single perl script.
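A small converter of the kind the thread proposes, added here as an example and not code from the list or from the gotroot rule sets. It assumes mod_security 1.x `SecFilter`/`SecFilterSelective` rule syntax and Pound 2.x `Service`/`URL`/`HeadDeny`/`Redirect` directives (the placeholder redirect URL and the sample rules are constructed), and it skips what Pound cannot express: chained rules, rules on arguments or request bodies, and PCRE-only syntax that Pound's POSIX extended regexes lack.

```python
import re

# Constructed sample in mod_security 1.x syntax, written in the style of the
# rule sets discussed in the thread (not copied from them).
SAMPLE_RULES = r'''
SecFilterSelective REQUEST_URI "\.\./\.\." "deny,log,status:403"
SecFilterSelective HTTP_USER_AGENT "(?i)badcrawler|evilbot" "deny,log"
SecFilterSelective REQUEST_URI "/etc/passwd" "chain"
SecFilterSelective ARGS "root:x:\d" "deny,log"
SecFilterSelective POST_PAYLOAD "<script" "deny,log"
SecFilter "(?=.*union)(?=.*select)" "deny"
'''

RULE_RE = re.compile(r'^SecFilter(Selective)?\s+(?:(\S+)\s+)?"([^"]*)"(?:\s+"([^"]*)")?\s*$')
PLACEHOLDER = "http://blocked.invalid/"  # placeholder error page, not a real URL
CONVERTIBLE = (None, "REQUEST_URI", "HTTP_USER_AGENT")  # bare SecFilter also scans the body, which Pound never sees


def pcre_to_posix(pat):
    """Translate the PCRE shorthands Pound's POSIX ERE lacks; None if untranslatable."""
    pat = pat.replace("(?i)", "")  # HeadDeny is case-insensitive; URL needs IgnoreCase in the Service
    if "(?" in pat:                # lookaround / non-capturing groups have no ERE form
        return None
    for pcre, posix in ((r"\d", "[0-9]"), (r"\w", "[A-Za-z0-9_]"), (r"\s", "[[:space:]]")):
        pat = pat.replace(pcre, posix)
    return pat


def convert(text):
    """Return (pound.cfg snippet, list of rule lines that could not be converted)."""
    out, skipped, in_chain = [], [], False
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        _, var, pat, actions = m.groups()
        has_chain = "chain" in (actions or "").split(",")
        chained, in_chain = in_chain or has_chain, has_chain  # a chain rule and its successor form one rule
        posix = pcre_to_posix(pat)
        if chained or posix is None or var not in CONVERTIBLE:
            skipped.append(line.strip())
            continue
        if var == "HTTP_USER_AGENT":
            # goes inside the real Service: a matching User-Agent makes that Service not match
            out.append('    HeadDeny "User-Agent: .*(%s)"' % posix)
        else:
            # one Service per rule (several URL lines in one Service must all match);
            # list these before the real Services so a match never reaches a backend
            out.append('Service\n    URL "%s"\n    Redirect "%s"\nEnd' % (posix, PLACEHOLDER))
    return "\n".join(out), skipped


if __name__ == "__main__":
    cfg, dropped = convert(SAMPLE_RULES)
    print(cfg)
    print("# not convertible:\n#   " + "\n#   ".join(dropped))
```

Requests denied by `HeadDeny` fall through to the next Service and get Pound's 503 if none matches, so the skipped rules still need a real WAF in front of or behind Pound.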
