Installing and configuring Snort

The initial installation of Snort is easy, especially if you have already gone through the process of installing a package. First, navigate to System | Package Manager and click on the Available Packages tab. Find the entry for Snort in the table, and when you find it, click on the corresponding Install button. Click on the Confirm button to confirm installation; this will transfer you to the Package Installer tab. This page will provide information on the progress of Snort's download and installation. The entire process seldom takes more than a few minutes.

When installation is complete, you should be able to navigate to Services | Snort to begin configuration. Click on the Global Settings tab first; this covers settings that will apply to all interfaces on which Snort is enabled. Under Snort Subscriber Rules, there is an Enable Snort VRT option. If you check this box, an edit box will appear. In this box, you can enter a Snort Oinkmaster Code. If you haven't already, you should sign up for an account on the official Snort website and obtain an Oinkmaster code. This code will enable you to download rules from the Snort website. Registration is free, and it enables you to download the restricted rules. Subscriptions to the personal and business tiers, however, are not free.

To register at the official Snort website, navigate to https://www.snort.org/subscribe and fill out the registration form on that page. The website will send an email confirmation. When you have confirmed your registration, you will be able to log into the official Snort website. Once there, click on your email address in the upper right-hand corner and you will be able to see your account information. There should be a link on the menu on the left-hand side of the page for the Oinkcode. Click on that link to generate the code. Once you have the code, you may enter it in the appropriate box in Global Settings.

The settings that you choose will depend on your security requirements. You will likely want to enable the download of Snort GPLv2 Community rules, and downloading the Emerging Threats Open rules isn't a bad idea either. Rules Update Settings is where you can choose when Snort updates the rules. Note that it does not update the rules by default; therefore, you will want to choose a reasonable value for the Update Interval. Since Snort does not automatically download the rules after installation, click on the Updates tab and click on the Update Rules button to fetch them now.

Snort will now be installed and the most basic configuration is done, but Snort won't do anything until we enable it on one or more interfaces. You can do this by clicking on the Snort Interfaces tab and clicking on Add. When the page loads, you will be able to check the Enable Interface checkbox (under General Settings) and then select an interface that has not yet been added to Snort in the Interface drop-down box. Most of the traffic that will be of interest to us will eventually reach the WAN interface.

Therefore, in most cases, you can just add WAN (assuming you don't have a multi-WAN setup). In some cases, however, we may be interested in internal traffic, for example, malware may be running inside our network. We can run Snort on more than one network, but take into account that running Snort on an interface is a resource-intensive matter. Therefore, unless you have a specific need to monitor internal traffic, you probably should only run Snort on WAN.

Once Snort is installed and enabled on the WAN interface, we have a much better chance of, for example, detecting and blocking peer-to-peer traffic. To do this, follow this procedure:

  1. Click on the WAN Settings tab.
  2. Under Alert Settings, check the Block Offenders checkbox—doing so will block any traffic that generates a Snort alert.
  3. Once you have done this, click on the Save button.
  4. Once the page reloads, click on the Edit icon, and then click on the WAN Categories tab.
  5. Scroll down to the list of rulesets, and click on emerging-p2p.rules. Click on any other rulesets you wish, and then scroll down to the bottom and click on Save.
  6. By clicking on WAN Rules and selecting emerging-p2p.rules in the Category Selection drop-down box, you should see the newly added p2p rules.

If you leave this ruleset in place, you are likely to find that Snort is much more effective than the built-in traffic shaper in blocking peer-to-peer traffic.
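Before enabling a category such as emerging-p2p.rules, it helps to know what the file actually contains: which rules ship enabled, what action each one takes, and therefore which SIDs can fire an alert and, with Block Offenders checked, get a host blocked. The script below is an added example written for this section; it is not code from the book, the pfSense Snort package or the Emerging Threats project. It parses Snort rule syntax (header plus options) and reports per-rule state. The rules embedded in SAMPLE_RULES are constructed for illustration: the SIDs, messages and ports are made up and do not correspond to real ET rules.

```python
import re
from collections import Counter

# Constructed sample in the style of an emerging-p2p.rules category file.
# These are NOT real Emerging Threats rules: the sids, messages and port
# numbers are made up for illustration only.
SAMPLE_RULES = r'''# comment lines and blank lines are skipped
alert tcp $HOME_NET any -> $EXTERNAL_NET 6881:6889 (msg:"EXAMPLE P2P client on BitTorrent-style port range"; flow:to_server,established; classtype:policy-violation; sid:9000001; rev:2;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE P2P protocol handshake"; flow:to_server,established; content:"BitTorrent protocol"; depth:20; classtype:policy-violation; sid:9000002; rev:1;)
# alert udp $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE P2P rule shipped disabled"; classtype:policy-violation; sid:9000003; rev:1;)
drop tcp $HOME_NET any -> $EXTERNAL_NET 1337 (msg:"EXAMPLE P2P inline drop action"; classtype:policy-violation; sid:9000004; rev:1;)
'''

# Rule header: action proto src sport direction dst dport (options)
HEADER_RE = re.compile(
    r'^(?P<action>alert|log|pass|drop|reject|sdrop)\s+(?P<proto>\w+)\s+'
    r'(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+'
    r'(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$'
)
# One option: key[:value]; where a quoted value may itself contain ';'
OPTION_RE = re.compile(r'\s*(?P<key>[A-Za-z_]+)(?::(?P<val>"[^"]*"|[^;]*))?;')


def parse_rule_line(line):
    """Parse one rule line. Returns None for blank lines and plain comments.
    A line of the form '# alert ...' is a rule that ships disabled."""
    stripped = line.strip()
    if not stripped:
        return None
    enabled = True
    if stripped.startswith('#'):
        stripped = stripped.lstrip('#').strip()
        enabled = False
    m = HEADER_RE.match(stripped)
    if not m:
        return None  # an ordinary comment, not a commented-out rule
    opts = {}
    for om in OPTION_RE.finditer(m.group('opts')):
        val = om.group('val')
        opts[om.group('key')] = val.strip('"') if val is not None else None
    if 'sid' not in opts:
        return None  # Snort rejects rules without a sid; skip malformed ones
    return {
        'enabled': enabled,
        'action': m.group('action'),
        'proto': m.group('proto'),
        'src': m.group('src'), 'sport': m.group('sport'),
        'dst': m.group('dst'), 'dport': m.group('dport'),
        'sid': int(opts['sid']),
        'rev': int(opts.get('rev') or 0),
        'msg': opts.get('msg', ''),
        'classtype': opts.get('classtype', ''),
    }


def parse_rules(text):
    """Parse every rule line in a rules file body, keeping disabled ones."""
    rules = [parse_rule_line(line) for line in text.splitlines()]
    return [r for r in rules if r is not None]


def enabled_alerting_sids(rules):
    """SIDs that generate an alert once this category is enabled.
    Block Offenders acts on alerts, so these are the rules that can
    cause a host to be blocked on the WAN interface."""
    return sorted(r['sid'] for r in rules
                  if r['enabled'] and r['action'] == 'alert')


def action_summary(rules):
    """Count rules per (action, enabled) pair."""
    return Counter((r['action'], r['enabled']) for r in rules)


if __name__ == '__main__':
    parsed = parse_rules(SAMPLE_RULES)
    for r in parsed:
        state = 'on ' if r['enabled'] else 'off'
        print(f"[{state}] {r['action']:<6} sid:{r['sid']} rev:{r['rev']} "
              f"{r['classtype']:<18} {r['msg']}")
    print('alerting sids:', enabled_alerting_sids(parsed))
    print('summary:', dict(action_summary(parsed)))
```

Pointing parse_rules at the text of a real category file (for example one downloaded by the Update Rules button) lists every rule that will alert, so you can review the classtypes and messages before turning on Block Offenders and accept that each of them is something you want blocked rather than only logged.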
