On Tue, May 21, 2013 at 12:17 PM, Russ Combs <rcombs () sourcefire com> wrote:
Probably not in that form. I'm guessing you actually want to select a
policy by BPF, not the other way around. What are you trying to do
beyond the network or VLAN bindings available now?
Sorry for the late response Russ. I need to configure one snort
instance with two different configs:
a) One configuration needs to monitor lan 10.196.0.0/24 except 10.196.0.15 host
b) Another configuration needs to monitor only traffic that comes and
go to/from host 10.196.0.15.
Obviously, I can do this using two snort instances, but it will be
good to do with only one instance ...