[Snort-users] multiple NICs on OpenBSD 3.4
Jacob, Raymond A Jr
raymond.jacob at ...7622...
Mon Apr 19 14:18:04 EDT 2004
Looking at the web page at www.snort.org you can have a snort process for every net or
use bridging. Does anyone know how one gets snort to work under bridging?
I thought about doing something like:
inet 172.16.154.55 255.255.255.0
#ep0 on lan1
#ep1 on lan2
up # and finally enable it
rule block out on ep0
rule block out on ep1
rule pass in on ep0
rule pass in on ep1
/usr/.../snort -c /usr/local/etc/snort.conf -i bridge0 -u snortgirl -g snortgirl -D > /dev/null & echo -n ' snort'
Alternatively, I have heard of someone trying to use pf to capture traffic and route it
to snort via pf.
block in log quick on ep0
block in log quick on ep1
Packets that match the block rule in pf.conf - i.e. all packets - will be logged/sent
to the pseudo network device driver pflog0. Since pflog0 is a network interface,
use it as an interface that snort can use.
/.../snort -c /.../snort.conf -i pflog0 -u snortgirl -g snortgirl -D > /dev/null & echo -n ' snort'