Snort mailing list archives

Pfsense + snort


From: Daniel Reuben via Snort-sigs <snort-sigs () lists snort org>
Date: Thu, 9 May 2024 18:14:21 +0000

Hello,

We currently have two IPS/IDS setups, both on the LAN side with snort rules applied. We are noticing that inbound traffic is
coming from internal IPs exclusively. We would like to be able to receive internal and external IPs, what would be the 
best course of action?

Would we have to create 4 ids/ips interfaces in total? LAN and WAN on one side of the network, and LAN and WAN on the 
other side? If we were to do this, can we have independent rules, conditions, suppressions for each IPS/IDS? If I were
to apply some sort of rule to a WAN interface, would that cause the LAN side to inherit this rule? We want unique rules 
for each interface. Any recommendations?

Does pfsense + snort only monitor ingress, or both ingress and egress traffic?

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most
emerging threats (https://snort.org/downloads/#rule-downloads)!
