Snort block only inbound traffic
-
Hello all,
I've recently setup snort on my pfSense which is inspecting traffic in a transparent bridge (WAN & LAN) and was wondering if there's a way to setup snort to only block inbound initiated traffic (ofc, given the alert applies).
In short, I don't it block suspicious destinations of my network's outbound traffic. (fyi: my public WAN IP is in the "pass list" and is not about that)Thanks in advance!
-
The only way to accomplish that would be to rewrite all the rules and reverse the direction logic. That's a lot of work.