[Snort-users] SNORT on a firewall?

Avleen avleen at ...396...
Mon Mar 19 17:25:14 EST 2001


> Robert.Searle at ...1614... wrote:
> >
> > Great!  How do I tell linux to pass the info from eth0 (outside world) to
> > eth1 (internal)?  How do I tell snort to only look at eth1?
>
> 1. Huh / Why?
>
> 2. snort -i <iface>

1.    So that you can have your firewall on the first interface, and the IDS sniffing the
second, to catch things that get passed the first!
You can do this using IPF and source based policy routing.
I asked a question on how to do it, on this list a week or two ago - look at the archives
/ search for any posts by me, and look at the first few replies :)






More information about the Snort-users mailing list