SNORT BLOCKING EVERYTHING
-
Well I am not sure what the heck to do. I have about a dozen pfSense boxes running and I have a problem with snort on everybox.
System Specs:
pfSense 1.2RC2
Dell Power Edge 1750 Rackmount
Xeon Quad Core 3.06 GHz
4 Gig of RAM
3 Gig NIC's BroadcomSnort does a very good job blocking, but thats the problem, its doing to good of a job. It will block anything and everything. This is a problem trying to recieve e-mail or access websites that are other venders and know agencies. It will even block venders trying to transfer files or even IP's of people trying to visit our site.
I am using all default install settings excpet the check box that blocks offenders automatically when an alert is generated. I have reinstalled and removed the package constantly. This is a real pain.
Right now I have things set to not block offenders when an alert is generated, but from my understanding that is defeating the purpose of snort.
Any help would be great.