Snort how to?
I just installed Snort and I was looking to see if anybody has any hints on how to configure it properly…
Which interface should I have it listen on?
What rules should I enable, and how?
Are you using pfSense 1.2.0 or 1.2.1?
Thanks for the reply.
I am using 1.2.1.
You enable it on all WAN-type interfaces. With regard to the rules, that really just depends on your network and how much RAM you have. If you have a mail server behind your firewall, then maybe you'll want to enable the smtp, pop3, and imap rules. If you just have people browsing the web, then the spyware-put, virus, and web-client rules might be of use.
You're really just going to have to take a good look at each ruleset to determine whether it's for you or not. Some googling will be necessary!
I see how it works now.