From owner-freebsd-net@FreeBSD.ORG  Wed Oct 28 14:35:11 2009
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 032991065676
	for <freebsd-net@freebsd.org>; Wed, 28 Oct 2009 14:35:11 +0000 (UTC)
	(envelope-from ml@netfence.it)
Received: from cp-out8.libero.it (cp-out8.libero.it [212.52.84.108])
	by mx1.freebsd.org (Postfix) with ESMTP id BAF468FC1E
	for <freebsd-net@freebsd.org>; Wed, 28 Oct 2009 14:35:10 +0000 (UTC)
Received: from soth.ventu (151.51.2.140) by cp-out8.libero.it (8.5.107)
	id 4AE637A60040E67E for freebsd-net@freebsd.org;
	Wed, 28 Oct 2009 15:35:09 +0100
Received: from alamar.ventu (alamar.ventu [10.1.2.18])
	by soth.ventu (8.14.3/8.14.2) with ESMTP id n9SEZ8Kr020580
	for <freebsd-net@freebsd.org>; Wed, 28 Oct 2009 15:35:08 +0100 (CET)
	(envelope-from ml@netfence.it)
Message-ID: <4AE8569C.1040209@netfence.it>
Date: Wed, 28 Oct 2009 15:35:08 +0100
From: Andrea Venturoli <ml@netfence.it>
User-Agent: Thunderbird 2.0.0.23 (X11/20090828)
MIME-Version: 1.0
To: freebsd-net@freebsd.org
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
Subject: snort on multiple interfaces
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Oct 2009 14:35:11 -0000

Some years ago, I checked to see whether I would be able to let a single 
snort process listen on more than one NIC.
At the time it was only possible in Linux.

Now, I searched a bit, but nothing new came up.

Did anything improve since then? Do we still need multiple snort 
processes to listen on more than one interface?
Can some netgraph node help with this?

  bye & Thanks
	av.