> I personally wouldn't mind having my firewall running Snort, or an IDS as
> it saves me all that work. Also it would facilitate automatic blocking of
> IP addresses on the m0n0wall, which you couldn't really have without it
> built-in.
>
> To have an IDS is to get alerts, so if you don't like getting alerts,
> don't run an IDS.
You can do automatic stuff on the m0n0wall, see the messages about backing
up the config via CURL or wget. You can use the same method to add a rule
to your firewall. Although I wouldn't trust any automatic blocking method
without some serious testing behind it (wouldn't want to block a potential
paying customer by accident).

I don't like getting alerts and I do run an IDS (I would love it if the
internet were nice/safe enough to never get another alert). I also run it
inside the firewall, who cares about the traffic that doesn't get through,
the firewall is doing its job. I only really care about instances when the
firewall doesn't do its job.

Don't forget that just because you have an IDS and firewall, it is a free
ticket to slacking off on updates.

-Rob
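As an added example (not code from the post, from Snort or from m0n0wall), here is the kind of safety filter Rob's "serious testing" caveat calls for before any alert is turned into a firewall rule: it parses Snort fast-format alert lines (constructed samples), counts hits per source, and only proposes a block after repeated high-priority hits from an address outside a hypothetical never-block list (the customer ranges). The actual curl/wget push to the firewall is left out; the function returns the list that such a step would receive, so it can be reviewed in dry-run mode first.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample Snort "fast" alert lines (not from the original post).
SAMPLE_ALERTS = """\
03/07-14:22:01.123456  [**] [1:2003:8] WEB-MISC example probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:4455 -> 10.0.0.5:80
03/07-14:22:02.223456  [**] [1:2003:8] WEB-MISC example probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:4456 -> 10.0.0.5:80
03/07-14:22:03.323456  [**] [1:2003:8] WEB-MISC example probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:4457 -> 10.0.0.5:80
03/07-14:22:05.423456  [**] [1:1000:1] SCAN example [**] [Classification: Attempted Recon] [Priority: 3] {TCP} 198.51.100.7:5000 -> 10.0.0.5:22
03/07-14:22:09.523456  [**] [1:2003:8] WEB-MISC example probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.9:40000 -> 10.0.0.5:80
03/07-14:22:10.623456  [**] [1:2003:8] WEB-MISC example probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.9:40001 -> 10.0.0.5:80
03/07-14:22:11.723456  [**] [1:2003:8] WEB-MISC example probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.9:40002 -> 10.0.0.5:80
"""

# Hypothetical never-block list: customer ranges and internal space that an
# automatic rule must never touch, whatever the IDS says.
NEVER_BLOCK = [ipaddress.ip_network("203.0.113.0/24"),
               ipaddress.ip_network("10.0.0.0/8")]

# Pulls the priority and the IPv4 source address out of a fast-format line.
ALERT_RE = re.compile(r"\[Priority: (\d+)\] \{\w+\} (\d+\.\d+\.\d+\.\d+):\d+ -> ")


def parse_alerts(text):
    """Yield (src_ip, priority) for each well-formed alert line; skip the rest."""
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            yield ipaddress.ip_address(m.group(2)), int(m.group(1))


def block_candidates(text, min_hits=3, max_priority=2):
    """Sources seen at least min_hits times at Snort priority <= max_priority
    (1 is most severe) and not covered by NEVER_BLOCK, as sorted strings.
    This is the dry-run output to review before any rule is pushed."""
    hits = Counter(ip for ip, prio in parse_alerts(text) if prio <= max_priority)
    return sorted(
        str(ip) for ip, n in hits.items()
        if n >= min_hits and not any(ip in net for net in NEVER_BLOCK)
    )


if __name__ == "__main__":
    for ip in block_candidates(SAMPLE_ALERTS):
        print(f"would block {ip}")  # prints: would block 192.0.2.10
```

Only 192.0.2.10 survives: 198.51.100.7 is a single low-priority hit and 203.0.113.9, despite three hits, sits in the never-block range.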