[Snort-users] what to do with dynamic ip hosts

Erik Fichtner emf at ...367...
Mon Oct 2 09:27:25 EDT 2000

On Sun, Oct 01, 2000 at 10:19:57PM -0400, Douglas F. Elznic wrote:
> Hello,
>  I am going to run snort on my firewall that is hooked up to a cable
> connection. I am trying to use the rule set you can create on the web page. But
> it needs the ip of the computer it is on. My ip changes due to the dhcp lease.
> Is there a way to have it listen to interface eth0 instead of the ip address of
> eth0?

you can use "any" instead of your local address.    You can run snort in
non-promiscuous mode (since it's a firewall, it's going to be passing all
the packets anyway...)  and you can specify the interface to listen on with
a command line flag.

Erik Fichtner
Security Administrator, ServerVault, Inc.

More information about the Snort-users mailing list