Snort mailing list archives

multiple NICs on OpenBSD 3.4


From: "Jacob, Raymond A Jr" <raymond.jacob () navy mil>
Date: Mon, 19 Apr 2004 17:17:26 -0400

Looking at the web page at www.snort.org you can have a snort process for every net or 
use bridging. Does anyone know how one gets snort to work under bridging?

I thought about doing something like:

/etc/hostname.3c0
===================
inet 172.16.154.55 255.255.255.0

/etc/hostname.ep0
===================
up

/etc/hostname.ep1
===================
up


/etc/bridgename.bridge0
===================
create bridge0
#ep0 on lan1
add ep0
#ep1 on lan2
add ep1
up    # and finally enable it
rule block out on ep0
rule block out on ep1
rule pass in on ep0
rule pass in on ep1


snortstart
/usr/.../snort -c /usr/local/etc/snort.conf -i bridge0 -u snortgirl -g snortgirl -D > /dev/null & echo -n ' snort'


Alternatively, I have heard of someone trying to use pf to capture traffic and route it
to snort via pf.

pf.conf
============
block in quick log on ep0
block in quick log on ep1
....

Packets that match the block rule in pf.conf, i.e. all packets, will be logged/sent
to the pseudo network device driver pflog0. Since pflog0 is a network interface,
use it as an interface that snort can use.

snortstart
/.../snort -c /.../snort.conf -i pflog0 -u snortgirl -g snortgirl -D > /dev/null & echo -n ' snort'

Thank you
Raymond
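
Added example, not part of the original post: the two capture points described above hand a sniffer different framing. A capture taken on bridge0 carries Ethernet frames, while one taken on pflog0 carries pf log records (pcap link type 117) with a pf header in front of each IP packet. This Python sketch reads a classic pcap file and locates the IP header in both cases; the sample frames, the 45-byte pf header length and all function names are constructed for illustration.

```python
import struct
DLT_EN10MB = 1    # Ethernet frames (bridge0 or a physical NIC)
DLT_PFLOG = 117   # pf log records (pflog0)

def pcap_linktype(data):
    """Return (struct byte-order prefix, link type) from a pcap file header."""
    if len(data) < 24:
        raise ValueError("short pcap file header")
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        order = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        order = ">"
    else:
        raise ValueError("not a classic pcap file")
    return order, struct.unpack(order + "I", data[20:24])[0]

def ip_offset(linktype, frame):
    """Offset of the IP header in one captured frame, or None if not found."""
    if linktype == DLT_EN10MB and len(frame) >= 14:
        return 14 if frame[12:14] == b"\x08\x00" else None  # untagged IPv4 only
    if linktype == DLT_PFLOG and len(frame) >= 2:
        # Byte 0 = pf header length, padded to 4 bytes (assumed, as tcpdump does).
        hdrlen = (frame[0] + 3) & ~3
        return hdrlen if hdrlen < len(frame) else None
    return None

def ip_offsets(data):
    """Return (link type, [IP offset per packet]) for a whole capture."""
    order, linktype = pcap_linktype(data)
    pos, offsets = 24, []
    while pos + 16 <= len(data):
        incl_len = struct.unpack(order + "I", data[pos + 8:pos + 12])[0]
        frame = data[pos + 16:pos + 16 + incl_len]
        if len(frame) < incl_len:
            break  # truncated final record
        offsets.append(ip_offset(linktype, frame))
        pos += 16 + incl_len
    return linktype, offsets

def build_pcap(linktype, frames):
    """Build a little-endian pcap file in memory (constructed sample data)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

IPV4 = b"\x45" + bytes(19)                        # constructed IPv4 header
ETH_FRAME = bytes(12) + b"\x08\x00" + IPV4        # constructed Ethernet frame
PFLOG_FRAME = bytes([45, 2]) + bytes(46) + IPV4   # constructed pflog record
```

Calling `ip_offsets()` on a capture file shows which framing a sensor on that interface has to decode before its rules can match on IP headers.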

