I am in the process of building a bridge firewall to place as the gateway to my network. I have a couple of questions that I can't seem to find clear answers to. Can Snort sniff on a bridged interface? Second, can ebtables block by IP? I know IP is layer 3 and a bridge is layer 2, but some of the recipes I have seen for ebtables have IPs in them. In general, I would like to be able to snort all incoming traffic on the bridge and filter out any traffic from attackers who appear to be reoccurring offenders.

Thanks,
Hugh Crissman