My question is,
- Is it possible to use SNORT like tools with bridge-nf
- Is it possible to use SNORT like tools with bridge-nf
yes,
just give it an interface because pcap will not automatically find it.
Something like ./snort -vi br0 will work. Also, take a peek at they way I
am playing with the bridge firewall patch, iptables (libipq), and snort at http://w3.cablespeed.com/~rvmcmil
Rob
