Date: Wed, 28 Oct 2009 14:47:33 +0000
From: Tom Judge <tom@tomjudge.com>
To: Andrea Venturoli <ml@netfence.it>
Cc: freebsd-net@freebsd.org
Subject: Re: snort on multiple interfaces
Message-ID: <4AE85985.5080206@tomjudge.com>
In-Reply-To: <4AE8569C.1040209@netfence.it>
References: <4AE8569C.1040209@netfence.it>
Andrea Venturoli wrote:
> Some years ago, I checked to see whether I would be able to let a
> single snort process listen on more than one NIC.
> At the time it was only possible in Linux.
>
> Now, I searched a bit, but nothing new came up.
>
> Did anything improve since then? Do we still need multiple snort
> processes to listen on more than one interface?
> Can some netgraph node help with this?
>

You can do this using if_bridge in monitor mode like so:

{/etc/rc.conf}
## DMZ Span Port
cloned_interfaces="bridge0"
ifconfig_fxp0="up promisc"
ifconfig_fxp1="up promisc"
ifconfig_bridge0="addm fxp0 addm fxp1 monitor up"

And then have your snort process run on bridge0.

Tom
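As an added example (not part of Tom's reply or any FreeBSD code), the script below generalises the rc.conf fragment above to any number of member interfaces and adds the check a practitioner wants before starting snort on the bridge: that the bridge really carries the MONITOR flag. That flag is what keeps if_bridge from forwarding frames between its members, so a span bridge built without it would also act as a link between the two monitored segments. The `ifconfig bridge0` output used as input is constructed for the example, and the flag name and layout it assumes are taken from ifconfig(8) rather than captured from a host.

```shell
#!/bin/sh
# Added example, not code from the thread: build the rc.conf fragment for an
# N-member monitor-mode bridge and check `ifconfig <bridge>` output before
# pointing snort at the bridge.

# Emit rc.conf lines in the same shape as the two-port DMZ span in the reply,
# for any number of member interfaces.
# Usage: span_bridge_rc bridge0 fxp0 fxp1 [em0 ...]
span_bridge_rc() {
    br=$1; shift
    echo "cloned_interfaces=\"${br}\""
    addm=""
    for ifn in "$@"; do
        echo "ifconfig_${ifn}=\"up promisc\""
        addm="${addm}addm ${ifn} "
    done
    echo "ifconfig_${br}=\"${addm}monitor up\""
}

# Read `ifconfig <bridge>` output on stdin and print "ok" when the bridge
# shows the MONITOR flag, has every expected member attached and carries no
# address. Without MONITOR, if_bridge forwards frames between its members,
# so the sensor would also act as a link between the monitored segments.
# Usage: ifconfig bridge0 | check_span_bridge fxp0 fxp1
check_span_bridge() {
    out=$(cat)
    rc=0
    if ! printf '%s\n' "$out" | grep -q 'flags=[0-9a-f]*<.*MONITOR'; then
        echo "bridge is not in monitor mode: it will forward between members"
        rc=1
    fi
    for ifn in "$@"; do
        if ! printf '%s\n' "$out" | grep -q "^[[:space:]]*member: ${ifn} "; then
            echo "member ${ifn} is not attached"
            rc=1
        fi
    done
    if printf '%s\n' "$out" | grep -Eq '^[[:space:]]*inet6? '; then
        echo "bridge has an IP address; keep the sniffing bridge unaddressed"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo ok
    return "$rc"
}

# Constructed `ifconfig bridge0` output for a correctly built span; the layout
# and the MONITOR flag name are assumptions, not a capture from a real host.
SAMPLE_OK='bridge0: flags=48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,MONITOR> metric 0 mtu 1500
        ether 02:a1:b2:c3:d4:00
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: fxp1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 2000000
        member: fxp0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 2000000'

# The same bridge with "monitor" left out of ifconfig_bridge0: it would
# switch traffic between fxp0 and fxp1 instead of only feeding bpf.
SAMPLE_FORWARDING=$(printf '%s\n' "$SAMPLE_OK" | sed 's/48843</8843</; s/,MONITOR>/>/')

span_bridge_rc bridge0 fxp0 fxp1
printf '%s\n' "$SAMPLE_OK" | check_span_bridge fxp0 fxp1
printf '%s\n' "$SAMPLE_FORWARDING" | check_span_bridge fxp0 fxp1 || true
```

On a live sensor, run `ifconfig bridge0 | check_span_bridge fxp0 fxp1` after the interfaces come up and only start snort on bridge0 when it prints ok; the rc.conf lines are the same ones Tom gives, with `addm` repeated for each extra port.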
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4AE85985.5080206>