[Snort-devel] Multiple rule sets

Fyodor fygrave at ...1...
Fri Feb 16 20:14:57 EST 2001


On Fri, Feb 16, 2001 at 02:40:47PM -0700, default wrote:
> Since snort can now listen on multiple interfaces, has anyone though about
> having multiple rules sets, one for each interface?


The only platform where snort can listen on mutliple intefaces, is linux for the moment. But
from the internal point of view (:-)) it's hard to figure out which interface packet came from
unless you do some evil hack to obtain interfaces ip addresses/masks and routing tables  and do matching/lookup
on the fly.. if I am missing something, let me know though :)




More information about the Snort-devel mailing list