Snort rules after updating pfSense
-
I have disabled some snort rules in some categories. I noticed, that this rules are enabled again after a update to a newer snapshot version. <maybe this="" is="" a="" bug="" …<br="">How can i backup my snort-rules settings ?</maybe>
-
Hello!
I found the same problem on an external snort installation that I have.
In my case was the oinkmaster script configuration.
snort rules change a lot. So, disabling rules must be done at two places: on the snort configuration and on the updater tool (normally oinkmaster, http://oinkmaster.sourceforge.net/).
I think that this question is not implemented yet in the snort package for pfSense, not a bug, a new feature perhaps.
oinkmaster is a perl script. I think pfSense doesn't use it to update snort, so I don't know if is possible to evade this problem using the pfSense console.
Regards,
Josep Pujadas
-
Thanks for your answer. Lets see, if some from the pfSense developers can state a comment about this issue ?
-
Known issue. Nobody is addressing it ATM.
Start a bounty if it is important and timely.