How to configure Snort for intrusion prevention?

Could I suggest in future that you start a new thread rather than bumping an old one with a lot of largely irrelevant information to read through?

/etc/config/snort

config snort 'lan'
        option interface 'eth0:eth1:eth2:eth3:eth4:eth5'
        option config_file '/etc/config/snort.conf'

/etc/init.d/snort

procd_set_param command $PROG "-de" "-Q" "-i" "$device" "--daq" "afpacket" "--daq-dir" "/usr/lib/daq/" "-c" "$config_file"

You could also create a new interface which is software bridge over all those ethernet interfaces and then use that single software bridge in the snort command instead. It will probably be more efficient.

2 Likes

Thank you so much. Much appreciated