Snort mailing list archives
Pfsense + snort
From: Daniel Reuben via Snort-sigs <snort-sigs () lists snort org>
Date: Thu, 9 May 2024 18:14:21 +0000
Hello, We currently have two IPS/IDS setup, both on LAN side with snort rules applied. We are noticing that inbound traffic is coming from internal IPs exclusively. We would like to be able to receive internal and external IPs, what would be the best course of action? Would we have to create 4 ids/ips interfaces in total? LAN and WAN on one side of the network, and LAN and WAN on the other side? If we were to do this, can we have independent rules, conditions, suppressions for each IPS/IDS. If I were to apply some sort of rule to a WAN interface, would that cause the LAN side to inherit this rule? We want unique rules for each interface. Any recommendations? Does pfsense + snort only monitor ingress, or both ingress and egress traffic?
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Pfsense + snort Daniel Reuben via Snort-sigs (May 13)