Snort won't start up after pfSense upgrade
-
Just upgraded pfSense 22.05-RELEASE and now snort won't start. Should I uninstall and reinstall?
Edit: I did a reinstall of snort, and noticed that it got downgraded. It seems to be working now.
-
@gpinzone said in Snort won't start up after pfSense upgrade:
Just upgraded pfSense 22.05-RELEASE and now snort won't start. Should I uninstall and reinstall?
Edit: I did a reinstall of snort, and noticed that it got downgraded. It seems to be working now.
Same happened with me.
-
@nogbadthebad I'm having problems connecting to certain sites.
https://mamedev.org/
It's not a DNS issue. I'm not seeing anything in the logs, but I do know I can reach it on my phone.
-
@gpinzone said in Snort won't start up after pfSense upgrade:
https://mamedev.org/
Works fine for me.
-
@nogbadthebad I found out why it's blocked. It's not snort. The firewall logs show it's blocked due to pfB_Top_v4 auto rule (1770009364) .
-
@gpinzone said in Snort won't start up after pfSense upgrade:
Just upgraded pfSense 22.05-RELEASE and now snort won't start. Should I uninstall and reinstall?
Edit: I did a reinstall of snort, and noticed that it got downgraded. It seems to be working now.
Yes, this is a side-effect of the 22.05 branch being frozen to package updates when we updated Snort on 2.6.0 and 22.01. I've sent the Netgate team an email reminding them to post the Snort 4.1.6 update over to the 22.05 package repository. Give them a day or two and I'm sure they will get the update over there.
Later Edit: just got a confirmation email from the Netgate team. The Snort update for 4.1.6 is now building in the 22.05 package repository. Look for it to show up soon.
-
@gpinzone Just to follow up, the GeoIP Top Spammers block list has some false positives. I disabled it and the couple of sites that got blocked are now working again.
Don't you hate it when coincidences happen?
-
@bmeeks It's here
Andy
1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22
-
@nogbadthebad said in Snort won't start up after pfSense upgrade:
@bmeeks It's here
Good deal! Have not updated my personal SG-5100 yet, but will in the next day or two.
-
@nogbadthebad Upgraded and working.
I'll be sure to let pfSense updates "ripen" more before pulling the trigger.
-
@gpinzone said in Snort won't start up after pfSense upgrade:
@nogbadthebad Upgraded and working.
I'll be sure to let pfSense updates "ripen" more before pulling the trigger.
Normally we don't experience this package issue. This time was unique because I needed to get a Snort update posted due to the recent release of 2.9.20 upstream. So we pushed the update to 2.6.0-RELEASE, 22.01-RELEASE, and 2.7.0-DEVEL, but at the time (back on June 15) the Netgate team had 22.05-RC in lockdown mode for final testing and we did not want to update Snort there.
So just a coincidence of bad timing on this. One quick reminder email fixed it, though
-
@gpinzone said in Snort won't start up after pfSense upgrade:
@gpinzone Just to follow up, the GeoIP Top Spammers block list has some false positives.
It is almost a given if you are outside of the US.
