Hi everyone,
after migrating from NethServer 7 to NethSecurity 8, I noticed a possible misconfiguration with the IPS (Snort in this case).
After enabling IPS, I checked the configuration using the following command:
uci show snort
It shows that Snort is set to listen only on the eth0 interface (snort.snort.interface='eth0').
However, my current network setup is as follows:
- eth0: LAN
- eth1: LAN
- eth2: LAN
- eth3: WAN
Given that I have multiple LAN interfaces, I expected Snort to monitor all LAN interfaces, not just eth0.
Question:
Is this the expected behavior, or could it be a configuration issue related to the migration?
Is there a proper way to configure Snort to monitor all LAN interfaces?
Suggestion:
If this is currently not configurable via the web interface, it might be helpful to add in a future release the option to select which interfaces Snort should monitor directly from the IPS settings page.
Thanks in advance for any help or suggestions!