[Snort-users] snort configuration

Joel Esler jesler at ...1935...
Mon Sep 2 09:06:52 EDT 2013


On Sep 2, 2013, at 8:53 AM, rem239 at ...348... wrote:

> I want to have a small snort installation where snort listens only on the src ports 22, 80 and ignores all other traffic.
> What is the best way for such a configuration? Using ignore_ports in snort connfig or a BPF? Is there a example config for such a case?

BPF would probably be the way to go here.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130902/e5f08359/attachment.html>


More information about the Snort-users mailing list