Kickstarter had/has a campaign by iguardian to create a snort appliance. It looks like something you are trying to do. Instead of pf, it is based on openwrt. Check it out.
Yudhvir > On Sep 29, 2014, at 4:22 PM, Ivo Tonev <i...@tonev.pro.br> wrote: > > I don't like the bridge approach because if you have many vlans it become > very complicated. > > I always use the router approach because I can configure the IDS for one > interface and IPS for another. > > If you don't have enough IP addresses, you can use invalid IP on firewall WAN > and create a route on your router to reach your range. > >> On Sep 29, 2014 7:31 PM, "Jeronimo L. Cabral" <jelocab...@gmail.com> wrote: >> Dear, do I have to have 3 network interfaces or 2 interfaces are enough to >> implement the IPS??? Because I think I'll have 1 promiscuos WAN, 1 >> promiscuos LAN and 1 management. >> >> The Pfsense firewall has to be setup as BRIDGE if want to put it between >> the router and the corporate firewall ??? >> >> Special thanks, >> >> JeLo >> >>> On Mon, Sep 29, 2014 at 5:35 PM, compdoc <comp...@hotrodpc.com> wrote: >>> > Here is a good place to start regarding Suricata or Snort. >>> > >>> >http://www.linux.org/threads/suricata-the-snort-replacer-part-1-intro-install.4346/ >>> >>> >>> >>> Is the free to use version of Snort going away? I scanned the page >>> mentioned above but it seems unclear. >>> >>> >>> >>> Suricata sounds like an excellent replacement given the advanced features, >>> but I have to say Snort is doing a fine job for us. >>> >>> >>> >>> I use the free Registered User rules and the free Emerging Threats rules, >>> and Snort is busy blocking port scans and all kinds of activity, while not >>> bothering/blocking our user's activity. >>> >>> >>> >>> Not that we rely solely on Snort - no unnecessary ports are listening to >>> the web. No management ports like 22 are open. >>> >>> >>> >>> Anyway, Snort doesn’t use much cpu time for our 30 user office, and pfSense >>> makes it (kinda) easy to use. Until Suricata arrives for pfSense, I think >>> its fine. >>> >>> >>> >>> By the way, if you have a decent speed quad-core server with at least 8GB >>> ram, you can easily run pfSense, Suricata, and whatever else side by side >>> in virtual machines. >>> >>> >>> >>> >>> >>> >>> _______________________________________________ >>> List mailing list >>> List@lists.pfsense.org >>> https://lists.pfsense.org/mailman/listinfo/list >> >> >> _______________________________________________ >> List mailing list >> List@lists.pfsense.org >> https://lists.pfsense.org/mailman/listinfo/list > _______________________________________________ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list
_______________________________________________ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list