3. Possible to make Snort block IP on specific interface

Possible to make Snort block IP on specific interface

  • C

    Second related question, is it possible to have Snort block only on the interface it is configured for?

    Our setup: We have public WiFi and staff networks both being handled by our pfSense router.  We have Snort setup on the "public wifi" network to be extremely restrictive.  This is causing problems because it is blocking the offending IPs for ALL interfaces instead of just the interface it has been configured on.

    Is setting up a second (third, fourth, etc.) pfSense box for every network I want to Snort my only solution so that they do not interfere with each other my only option, or is there a way to get Snort to only block on the interface it has been configured on?

    0
  • F

    Snort and IPS/IDS in general is not a turn on once and leave it running kind of solution. You need to asses if the alerts being triggered are false positives or not and add suppress / pass lists based on your needs.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy