Posted by user8446 on Mar 31, 2016; 1:23am
URL: https://itus.accessinnov.com/Bridge-mode-bugfix-and-performance-improvement-tp561p589.html

Because ac-full is actually the fastest pattern matcher but if you run a lot of rules snort will crash with an out of memory error since we only have 1gb of RAM. You can only use that with ~6500 rules or lower.

Here you go:

snort7.conf
snort8.conf

Don't forget to disable those preprocessors as shown above.

Everyone else: Roadrunnere42 changed his HOME_NET to match his network so change it to yours if you want to run this config. This is optimized for a large amount of  rules... remove "split-any-any" if you aren't.