@vehpbkrby:
Thank you for your help! But I do not operate your suggestions.
See.
I have a few local subnet.
192,168,0,0 \ 24
192,168,1,0 \ 24
192,168,2,0 \ 24
192,168,3,0 \ 24
Pfsense has 2 interfaces (WAN, LAN) and NAT. LAN = 192.168.1.18, gateway = 192.168.1.30 (subnet 192.168.1.0/24)
If I use the default settings home and external network is:
All computers that have Adresse 192.168.1.0/24 subnet can not use Skype. But those computers that have the addresses of the other subnets, such as my computer is 192.168.0.46 address they are using Skype - it is not blocked!
How do I set up what would snort could block Skype from all the local subnet range
Oh, I see. You have some other subnets behind the pfSense firewall that are not locally attached. In that case you need to add just those specific networks to HOME_NET along with the default values. Try this –
1. Create an Alias called ExpandedHomeNet or something else that is appropriate in your view.
2. Add these networks to the new alias: 192.168.0.0/24, 192.168.2.0/24 and 192.168.3.0/24
3. Create a Pass List on the PASS LIST tab and give it a name similar to CustomHomeNet or something. Leave all the checkboxes enabled (checked) on the Pass List Edit page. In the Address field, enter the name of the alias created in step 1. Save the new list.
4. Go to the INTERFACES SETTINGS tab for the interface in Snort and in the Home Net drop-down, select the list created above.
5. Click the View List button beside the control and verify the list contains your WAN IP, DNS IP, the 192.168.1.0/24 network, all three of the networks added to the alias and your default gateway IP.
6. Save the changes and restart Snort on the interface.
Bill