Do snort and pfBlockerNG need to be pointed at secondary interfaces?

  • First time poster. Glad to be here.

    I've been using pfSense for about a year as my main router / firewall. I feel good about it. Thank you for making it available.

    My question: I'm using OpenVPN with a TAP interface so I can bridge into my home network from out of town. It was a little tricky to find the instructions but it works well. I had to create a new interface to make it work.

    I'm also using snort, pfBlockerNG, and a custom list of IP addresses to keep the bad guys out on a normal, daily basis. Snort assigned to the WAN interface. pfBlockerNG is pointed to both WAN and LAN. The custom block list is pointed to WAN.

    I just noticed I can create a snort instance that points to the OPENVPN-bridged interface that supports TAP. pfBlockerNG can also be pointed to other interfaces.

    Should I create separate instances for OpenVPN-bridged or is the one pointed to WAN and / or LAN all I need?

    I'm reasoning 'no' because the WAN inerface gets everything first and the bridge to OpenVPN TAP is secondary. LAN is unnecessary for OpenVPN-bridged since it is only for remote access to the home network and LAN is safe at this point. (A TUN pass through is used for remote browsing.)

    What do more experienced users think?

Log in to reply