Snort how to?
-
I just installed snort and I was looking to see if any body have any hints on how to configure it properly…
In which interface should I have it listen on?
What rules should I enable and how to?TIA!
-
Are you using pfsense 1.2.0 or 1.2.1?
-
Thanks for the reply.
I am using 1.2.1.
-
You enable it on all WAN type interfaces. In regards to the rules, that really just depends on your network, and how much ram you have. If you have a mail server behind your firewall, then maybe you'll want to enable the smtp, pop3, and the imap rules. If you just have people browsing the web, then the spyware-put, virus, and web-client rules might be of use.
You're really just going to have to take a good look at each ruleset to determine whether it's for you or not. Some googling will be necessary!
-
Thank You!
I see how it works now.