Netgate Discussion Forum

    Pf firewall and snort not killing states

    pfSense Packages
      robobila

      Hi everyone,

      I have a weird problem running Snort 2.8.5.3 pkg v. 1.19 on pfSense 1.2.3. When snort blocks an IP, the corresponding state is not removed from the state table. Neither pf nor snort kills the corresponding states of a blocked IP (which means that the existing connections from an offending IP are not blocked, only new connections are).

      Why does pf not kill the states? Any ideas?

      By the way, snort is supposed to be the inline version. Why is the drop rule action not working? I manually edited the snort rules, but anything other than alert (rule action) is simply ignored. Is this the default behaviour or a bug?

      Thanks.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.