Snort: Apply to LAN also applies to VLANs??


  • Hi,

    If you attach a ruleset to the LAN interface, does it also affect any VLANs on that interface?

    I noticed that applying a rule to the LAN blocked a web client on a particular VLAN that did not have the rule. If this is by design, great, as it allows me to simplify the application of the rulesets across all the VLANs on the LAN.

    Just wanted to make sure that I'm not overlooking something, or making my Snort setup ineffective by putting the rules against the LAN interfaces instead of the VLAN interfaces.

    Regards,
    Rob.


  • Snort puts the interface into promiscuous mode and thus will see all traffic hitting that physical interface, including VLANs, PPPoE, etc.
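
Added example, not part of the original thread and not Snort's own code: a Python sketch of what the reply describes, showing that frames received on the parent interface still carry their 802.1Q tags, so one capture point covers untagged LAN traffic and every VLAN on that NIC. The frames are constructed, the function names are illustrative, and it assumes the NIC hands frames to the sniffer with tags intact.

```python
import struct
from collections import Counter

TPIDS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad (QinQ) tag protocol identifiers

def parse_vlan(frame: bytes):
    """Return (vlan_ids, ethertype) for one raw Ethernet frame.

    vlan_ids is outermost-first and empty for untagged frames.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC addresses
    vlan_ids = []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in TPIDS:
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vlan_ids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    return vlan_ids, ethertype

def frames_per_vlan(frames):
    """Count frames by outermost VLAN ID; untagged frames count under None."""
    counts = Counter()
    for f in frames:
        ids, _ = parse_vlan(f)
        counts[ids[0] if ids else None] += 1
    return dict(counts)

def _frame(tags, ethertype=0x0800):
    """Build a constructed frame: dummy MACs, optional tags, dummy payload."""
    hdr = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02"
    for tpid, vid in tags:
        hdr += struct.pack("!HH", tpid, vid)
    return hdr + struct.pack("!H", ethertype) + b"\x00" * 46

# Constructed sample: what a sniffer on the parent interface could receive.
SAMPLE = [
    _frame([]),                             # untagged LAN traffic
    _frame([(0x8100, 10)]),                 # VLAN 10
    _frame([(0x8100, 20)]),                 # VLAN 20
    _frame([(0x8100, 20)]),
    _frame([(0x88A8, 100), (0x8100, 10)]),  # QinQ: outer 100, inner 10
]

if __name__ == "__main__":
    print(frames_per_vlan(SAMPLE))
```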