Snort 2.8.5.3 pkg v. 1.21 whitelist problems
-
James,
I am now running pfsense: 1.2.3-RELEASE and Snort 2.8.5.3 pkg v. 1.21
The whitelist does not seem to be working, and neither does the CIDR notation.
Snort keeps blocking the IP that I whitelisted; could you please check?
Regards,
Davec
-
Running into the same problem here, is there anything that can be done? I can't turn on my blocking without this…
-
Dear jaysonr,
So far, these are the 2 issues I noticed.
In the old Snort, you could just place an IP address such as 123.123.123.123. Now we need to insert something like 123.123.123.123/30. Correct me if I am wrong.
Also, in the Categories, quite a number of categories have issues.
No success enabling Snort with these rules:
emerging-dos.rules
emerging-drop.rules
emerging-malware.rules
emerging-virus.rules
Success enabling Snort with these rules:
emerging-rbn.rules
emerging-tor.rules
snort_ddos.rules
snort_dns.rules
snort_dos.rules
snort_experimental.rules
snort_exploit.rules
snort_exploit.so.rules
snort_mysql.rules
snort_pop2.rules
snort_sql.rules
snort_sql.so.rules
Davc
-
I've been using the CIDR notation, even tried with & without, seems to basically just ignore what I put in the whitelist.
I'm going to try to edit the Threshold file to ignore my IP:
suppress gen_id 0, sig_id 0, track by_src, ip {my_ip}
I'll post my results
EDIT:
Checked the logs today, looks like that made the difference. I can turn back on my blocking now!
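-
Added example, not part of the original thread and not code from the Snort package: a short Python check of which addresses a whitelist entry such as 123.123.123.123/30 actually exempts, plus generation of threshold-file lines in the suppress format quoted above. The sample entries and function names are constructed for illustration, and it assumes the suppress `ip` field takes CIDR blocks.

```python
import ipaddress

# Constructed sample whitelist entries: a bare address, a CIDR with host
# bits set (as in the thread), and a single-host CIDR.
SAMPLE_WHITELIST = ["123.123.123.123", "123.123.123.123/30", "10.0.0.5/32"]


def normalize(entry):
    """Return the network an entry really denotes; a bare IP becomes /32."""
    # strict=False accepts host bits: 123.123.123.123/30 -> 123.123.123.120/30
    return ipaddress.ip_network(entry.strip(), strict=False)


def covered(ip, whitelist):
    """True if ip falls inside any whitelist entry."""
    addr = ipaddress.ip_address(ip)
    return any(addr in normalize(e) for e in whitelist)


def report(whitelist):
    """Map each entry to (network, number of addresses it exempts)."""
    return {e: (str(normalize(e)), normalize(e).num_addresses)
            for e in whitelist}


def suppress_lines(whitelist):
    """Build threshold-file lines in the format quoted in the thread."""
    nets = {normalize(e) for e in whitelist}
    # collapse_addresses drops entries already contained in a wider one,
    # so each exempted range is written once.
    return [f"suppress gen_id 0, sig_id 0, track by_src, ip {n}"
            for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    for entry, (net, count) in report(SAMPLE_WHITELIST).items():
        print(f"{entry:22} -> {net:20} ({count} address(es))")
    print("\n".join(suppress_lines(SAMPLE_WHITELIST)))
```

A /30 exempts four addresses from blocking, while /32 exempts exactly one host, so the prefix length decides how much traffic escapes inspection.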