Transparent Bridge, no firewall?
-
I have some problems with firewalling my Transparent Bridge (using Firewall -> Rules).
I'm using pfSense 1.2RC2.
Snort doesn't work. It doesn't filter attacks and other things.
But still there are attacks on the servers, and Snort doesn't block anything.
The snort service is running, and has no problems.
I'm using Snort with performance "ac", and it is up-to-date.
Who knows an option to solve this problem? :)
-
Have you enabled the "Block Offenders" option?
Are you getting alerts in the snort alerts tab?
Are there any IPs in the blocked tab?
If so, go to Diagnostics->Command and run "ps aux | grep snort". You should get 2 entries: one for snort and one for snort2c (the program that copies offenders' IPs to the PF firewall).
-
I have enabled the "Block Offenders".
The snort alerts list is empty, and there are no IPs blocked.
$ ps aux | grep snort
root 805 0.0 0.1 1292 908 ?? Is 28Sep07 0:00.00 snort2c -w /var/
root 24122 0.0 0.1 1532 988 ?? R 10:28PM 0:00.00 grep snort
-
Your ps output shows snort isn't running. What is logged to your system log when it tries to start?
-
I was looking at the services page, and I saw that the snort service was running.
System log, when I restart the snort service:
Nov 3 09:37:14 snort[10451]: Daemon initialized, signaled parent pid: 10437
Nov 3 09:37:14 snort[10451]: Daemon initialized, signaled parent pid: 10437
Nov 3 09:37:14 snort2c[10454]: snort2c running in daemon mode pid: 10454
Nov 3 09:37:14 snort2c[10454]: snort2c running in daemon mode pid: 10454
Nov 3 09:37:31 SnortStartup[10513]: Ram free BEFORE starting Snort: 721M – Ram free AFTER starting Snort: 616M -- Mode ac-sparsebands -- Snort memory usage:
And a new ps output:
$ ps aux | grep snort
root 10451 17.5 51.1 526836 527044 ?? Ds 9:37AM 2:21.81 snort -c /usr/lo
root 10454 0.0 0.1 1292 908 ?? Is 9:37AM 0:00.00 snort2c -w /var/
root 10812 0.0 0.1 1600 1048 ?? S 9:41AM 0:00.00 grep snort
-
Here's a new ps aux output…..
$ ps aux | grep snort
root 10454 0.0 0.1 1292 908 ?? Is 9:37AM 0:00.00 snort2c -w /var/
root 76987 0.0 0.1 1552 656 ?? R 10:04PM 0:00.00 grep snort
I think it's stopped again? ???
-
Hi!
Try running snort in lowmem mode. There seem to be troubles with the other modes.
Regards
cc
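
The two-process check suggested earlier in the thread (one entry for snort, one for snort2c), as an added example that is not part of any original post. The function name `snort_status` and its status strings are made up for illustration; the sample lines are the ps output posted above.

```shell
#!/bin/sh
# Classify `ps aux` output (read from stdin) for the two processes the Snort
# package needs: the snort sensor and the snort2c blocker.
# Matching on the command column ($11) instead of grepping whole lines keeps
# the "grep snort" process itself from being counted as an entry.
snort_status() {
    awk '
        { n = split($11, p, "/"); cmd = p[n] }    # strip any leading path
        cmd == "snort"   { sensor = 1; mem = $4 } # $4 is the %MEM column
        cmd == "snort2c" { blocker = 1 }
        END {
            if (sensor && blocker) printf "ok snort_mem=%s%%\n", mem
            else if (blocker)      print "sensor-down"   # snort2c has no alerts to act on
            else if (sensor)       print "blocker-down"  # nothing copies offender IPs to pf
            else                   print "both-down"
        }'
}

# ps lines as posted in the thread (trailing separator removed)
SAMPLE_RUNNING='root 10451 17.5 51.1 526836 527044 ?? Ds 9:37AM 2:21.81 snort -c /usr/lo
root 10454 0.0 0.1 1292 908 ?? Is 9:37AM 0:00.00 snort2c -w /var/
root 10812 0.0 0.1 1600 1048 ?? S 9:41AM 0:00.00 grep snort'

SAMPLE_STOPPED='root 10454 0.0 0.1 1292 908 ?? Is 9:37AM 0:00.00 snort2c -w /var/
root 76987 0.0 0.1 1552 656 ?? R 10:04PM 0:00.00 grep snort'

printf '%s\n' "$SAMPLE_RUNNING" | snort_status
printf '%s\n' "$SAMPLE_STOPPED" | snort_status

# Live use on the firewall: ps aux | snort_status
```

A result of `sensor-down` matches the situation in the thread: the services page reports snort as running while only snort2c is actually alive.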