I am looking for the most efficient way to white list anyclient ( they have tonnes of IPs / relay domains ) in Snort installed on pfsense? Aim is to access my internal resources from Starbucks while connected via Wireguard? Do I need both a WAN and LAN interface for Snort ?
Install Snort, put it on LAN, don’t turn on blocking, use the tools and do the work you want to do, go through rules and disable the false positives.
So no WAN ? I am following your tutorial : Tutorial, Setting up Snort On pfsense 2.4 With OpenappID - YouTube and hoping to use OpenID to enable Anydesk
You can setup it up on WAN, but there will be many more alerts to tune.