[Snort-sigs] multiple interfaces
jfernandez at ...2106...
Thu May 20 00:10:02 EDT 2004
Kimberly Ho wrote:
> Hey all,
> I've been trying to see if there was a way around snort 2.1.2, and why
> it does not support multiple interfaces. Snort 2.1.0 does however. But
> in any case, is there a way to specify multiple interfaces, or even
> negate one interface out of 10. We tried to modify the snort.conf file
> and specified the interface to look for, but it did not like that.
> Tried generally most things that are available online. Any ideas?
I've usually done this with different snort instances, i.e. init.d
scripts that run different snort configurations with different -i
values. That provides a way to have different rule sets for the
interfaces (since they will listen on different networks, with
One thing that _might_ work, but I haven't tested myself, is to do
link aggregation using logical interfaces bonding  and enslave
different interfaces to it, then setup a single snort instance
attached to the bond interface. If anyone tests this I would like to
hear what the results are...
 See the "Guide to IP Layer Network Administration with Linux",
more specifically: http://linux-ip.net/html/ether-bonding.html
More information about the Snort-sigs