I will discuss another method, which filters traffic in Snort before it gets processed by the IDS, using BPF filters. This method is similar to packet filtering (i.e. a stateless firewall) but is done in Snort. If you are familiar with tcpdump, then using BPF filters in Snort will not be difficult.
There are two ways of invoking BPF filters in Snort. The first is via a command-line argument:
snort ... -F <bpf_filename>
The second is via a directive in the Snort configuration file (snort.conf):
config bpf_file: <bpf_filename>
Let us say we want Snort to ignore traffic coming from host 192.168.200.11 and process the rest. We first create the file "bpf.conf" and put this line in it:
not host 192.168.200.11
If you need to add more hosts or services to be filtered, below is an example with more filters:
(not host 192.168.200.11) and
(not host 192.168.200.51) and
(not port 53) and
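
As an added example (not part of the original post), the Python code below generates the contents of bpf.conf from lists of hosts and ports to ignore, and checks a hand-edited filter for unbalanced parentheses or a trailing operator before it is given to Snort. The function names build_exclusions and lint are hypothetical, and the sample addresses are the ones used above.

```python
import ipaddress

# Operators that cannot legally end a BPF expression
DANGLING = {"and", "or", "not", "&&", "||", "!"}

def build_exclusions(hosts=(), ports=()):
    """Build a BPF file body that makes Snort ignore the given hosts and ports."""
    terms = []
    for host in hosts:
        # ip_address() raises ValueError on typos such as 192.168.200.511,
        # so a mistyped host never silently changes what Snort sees.
        terms.append(f"(not host {ipaddress.ip_address(host)})")
    for port in ports:
        port = int(port)
        if not 0 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
        terms.append(f"(not port {port})")
    if not terms:
        raise ValueError("nothing to exclude")
    # "and" goes between terms only, so the last line never ends in an operator
    return " and\n".join(terms) + "\n"

def lint(text):
    """Return a list of structural problems found in a hand-edited filter."""
    tokens = text.replace("(", " ( ").replace(")", " ) ").split()
    if not tokens:
        return ["filter is empty"]
    problems = []
    depth = 0
    for tok in tokens:
        depth += (tok == "(") - (tok == ")")
        if depth < 0:
            problems.append("unbalanced ')'")
            break
    if depth > 0:
        problems.append("unclosed '('")
    if tokens[-1].lower() in DANGLING:
        problems.append(f"filter ends with operator '{tokens[-1]}'")
    return problems

if __name__ == "__main__":
    # Constructed sample input: the hosts and port from the text above
    body = build_exclusions(["192.168.200.11", "192.168.200.51"], [53])
    assert lint(body) == []
    print(body, end="")  # redirect to bpf.conf, then run: snort ... -F bpf.conf
```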