Snort how to?



  • I just installed snort and I was looking to see if any body have any hints on how to configure it properly…

    In which interface should I have it listen on?
    What rules should I enable and how to?

    TIA!



  • Are you using pfsense 1.2.0 or 1.2.1?



  • Thanks for the reply.

    I am using 1.2.1.



  • You enable it on all WAN type interfaces. In regards to the rules, that really just depends on your network, and how much ram you have. If you have a mail server behind your firewall, then maybe you'll want to enable the smtp, pop3, and the imap rules. If you just have people browsing the web, then the spyware-put, virus, and web-client rules might be of use.

    You're really just going to have to take a good look at each ruleset to determine whether it's for you or not. Some googling will be necessary!



  • Thank You!
    I see how it works now.


Log in to reply