Login  Register

Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Posted by Grommish on Jun 26, 2019; 12:41am
URL: https://itus.accessinnov.com/FIRMWARE-Itus-Networks-Shield-Firmware-Upgrade-WIP-tp1726p1778.html

Question time.

I've already put out there that I really don't know Snort, so I'm checking to see if what I'm thinking is actually correct.

In Router mode, where there 2 snort instances running concurrently - one for the WAN, one for the LAN - rather than 1 instance that just covers both?  This is what it looks like from what I can see in the codebase.  Is this so you can have multiple rule sets, one less restrictive between eth1/eth2 (br-lan) and a heavier barrier over eth0?  Can anyone explain why this setup might be better than a single instance of snort covering both br-lan and eth0 at the same time?  Since a properly setup HOME_NET limits the IP scope (I'm currently using ipvar HOME_NET [10.0.0.0/8,172.16.0.0/12,192.168.1.0/16] instead of ipvar HOME_NET any, for example, with EXTERNAL_NET being !$HOME_NET)
Running Itus Shield v2 Firmware