How to configure Snort for intrusion prevention?

Could I suggest in future that you start a new thread rather than bumping an old one with a lot of largely irrelevant information to read through?


config snort 'lan'
        option interface 'eth0:eth1:eth2:eth3:eth4:eth5'
        option config_file '/etc/config/snort.conf'


procd_set_param command $PROG "-de" "-Q" "-i" "$device" "--daq" "afpacket" "--daq-dir" "/usr/lib/daq/" "-c" "$config_file"

You could also create a new interface which is software bridge over all those ethernet interfaces and then use that single software bridge in the snort command instead. It will probably be more efficient.


Thank you so much. Much appreciated