Using the same whitelist in pfB and Snort
-
Hello,
I've been trying to find a way to use the same list of IPs in both pfB and Snort, so I don't have to maintain two independent whitelists.
One would think that it would be easy but I couldn't get it to work.
Snort only allows system-wide aliases (Firewall > Aliases). It doesn't seem capable of retrieving IPs from a URL...
Using "Alias Native" in pfB allows the list to be used in a FW rule but doesn't allow it to be used in Snort for the above-mentioned reason... (URL)
I thought of creating a system-wide alias with the IPs, then creating a list in pfB (IPv4) and entering the alias name in the source, but pfB won't let me do this.
Short of treating these two packages as completely independent and maintaining two identical whitelists, how can I make them use the same IP list?
-
@pftdm007 you’re saying Snort won’t let you pick a URL alias? I guess I hadn’t realized.
Brainstorming: since it allows nested aliases, can you create one that includes your existing alias?
-
If I understand you well, you are suggesting creating an alias (Firewall > Alias), then adding the pfB IP list to this alias, and then using this alias in Snort as a passlist?
FYI the list from pfB I want to use in Snort is called "pfB_pass_IP_v4"
I tried creating an alias and adding the pfB IP list in it using:
Type: Hosts
The alias(es): pfB_pass_IP_v4 cannot be nested because they are not of the same type.
URL (IPs)
A valid URL or alias must be provided. Could not fetch usable data from 'pfB_pass_IP_v4'.
URL Table (IPs)
A valid URL must be provided.