Re: Bridge mode bugfix and performance improvement
Posted by Gnomad on Apr 05, 2016; 7:51am
URL: https://itus.accessinnov.com/Bridge-mode-bugfix-and-performance-improvement-tp561p647.html
Thanks guys, applied the snort7 & 8 conf files (after tweaking HOME_NET) and it seems to be running fine. To clarify for others reading this thread, these particular files from user8446 contain the following line:
config detection: search-method ac-nq split-any-any search-optimize max-pattern-len 20 no_stream_inserts
This is an instruction to be used only if you have 6000+ snort rules, as described here. You can count your snort rules by running:
wc -l /etc/snort/rules/snort.rules
If you want to incorporate trojan rules into snort, uncomment the following line within /sbin/fw_upgrade:
curl -k -1 -m 40 -o /mnt/ramdisk/emerging-trojan.rules https://rules.emergingthreats.net/open/snort-edge/rules/emerging-trojan.rules
__________________________
user8446, I notice you've commented out the decoder rules. I remember you recommended it in this thread in order to unblock Apple iTunes, but I found that wasn't needed after excluding sid 58. Are we opening ourselves up to much risk by disabling all the decoder rules?
OpenWrt SNAPSHOT, r10391-3d8d528939
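
An added example, not part of Gnomad's post or the device firmware: wc -l counts every line in the rules file, including comments and blank lines, so this script counts only enabled rules and reports when a conf carrying a "config detection:" line is paired with fewer than the 6000 rules the post mentions. The function names are hypothetical, the file paths are passed as arguments, and the sample rules are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Paths are arguments; sample data is constructed.
THRESHOLD=6000   # rule count the post gives for using the detection line

# Count enabled rules: skip blank lines and '#' lines (comments, disabled
# rules) and treat a backslash-continued rule as one rule.
count_active_rules() {
    awk '
        cont { if ($0 !~ /\\[ \t]*$/) cont = 0; next }
        /^[ \t]*(alert|log|pass|drop|reject|sdrop)[ \t]/ {
            n++
            if ($0 ~ /\\[ \t]*$/) cont = 1
        }
        END { print n + 0 }
    ' "$1"
}

# True if the conf has an uncommented "config detection:" line.
conf_has_detection_line() {
    grep -Eq '^[[:space:]]*config[[:space:]]+detection:' "$1"
}

# Usage: check_detection_setting <snort conf> <rules file>
check_detection_setting() {
    n=$(count_active_rules "$2")
    if conf_has_detection_line "$1" && [ "$n" -lt "$THRESHOLD" ]; then
        echo "below-threshold $n"
    else
        echo "ok $n"
    fi
}

# Constructed sample: 5 lines as wc -l sees them, 2 enabled rules.
demo() {
    d=$(mktemp -d)
    printf '%s\n' \
        '# alert tcp any any -> any any (msg:"disabled"; sid:1000001;)' \
        'alert tcp any any -> $HOME_NET 80 (msg:"constructed A"; sid:1000002;)' \
        'alert udp any any -> $HOME_NET 53 (msg:"constructed B"; \' \
        '    sid:1000003;)' \
        '' > "$d/sample.rules"
    echo 'config detection: search-method ac-nq' > "$d/sample.conf"
    echo "wc -l: $(wc -l < "$d/sample.rules")  enabled: $(count_active_rules "$d/sample.rules")"
    check_detection_setting "$d/sample.conf" "$d/sample.rules"
    rm -rf "$d"
}
demo
```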