> How can I make Bro IDS monitor and analyze all the traffic come from eth0? Use redef interfaces = "eth0"; in you policy script, or "bro -i eth0 ..." when you execute Bro. > And after that pass the traffic to eth1? Bro doesn't have a packet forwarding capability for inline operation. Vern