Andrea Venturoli wrote:
Some years ago, I checked to see whether I would be able to let a single snort process listen on more than one NIC.At the time it was only possible in Linux.Now, I searched a bit, but nothing new came up.Did anything improve since then? Do we still need multiple snort processes to listen on more than one interface?Can some netgraph node help with this?
You can do this using if_bridge in monitor mode like so:
{/etc/rc.conf}
## DMZ Span Port
cloned_interfaces="bridge0"
ifconfig_fxp0="up promisc"
ifconfig_fxp1="up promisc"
ifconfig_bridge0="addm fxp0 addm fxp1 monitor up"
And then have you snort process run on bridge0.
Tom
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
