Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort: With or Without Auto Blocking?

    pfSense Packages
    3
    3
    1.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      naughtyusmaximus
      last edited by

      Is there any point in running snort without automatically blocking "offenders"?  I'm getting a lot of false positives from my international users (with dynamic IPs), and I don't want to deny them email/website access.

      1 Reply Last reply Reply Quote 0
      • L
        lordarcane
        last edited by

        Without block its more like an infometer. You can check out the ip´s and so on of the one´s trying to get to your network. But if it is saftey your worried about, I think that the pf sense does a good job of protecting you anyway!

        1 Reply Last reply Reply Quote 0
        • N
          neyz
          last edited by

          Kinda reviving this thread but is it possible de choose what rules should trigger a block ? Right now it seems by default every single alert creates a block which means there is ALOT of false positives so activating the auto block is just suicide.

          It also seems impossible to edit the basic rules for http_inspecter and ftp because they get overwritten each time you restart the service, you can add stuff in the configuration form but you can't edit section that are already in the default conf. (thinking about the "http_inspect: NON-RFC DEFINED CHAR" that alot of people are getting)

          Thanks !

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.