Quick question on snort's default rules directory
-
pfsense 1.2.3 release
snort 2.8.6, pkg 1.27When I go into the rule updates tab it displays a warning that /usr/local/etc/snort/rules directory is empty. I did verify this by going into the shell and indeed there's nothing there.
The thing is I already have a subdirectory created for my interface and the rules are stored there at: /usr/local/etc/snort/snort_29189_fxp0/rules
I've edited the /usr/local/etc/snort/snort.conf file, down around line 60, to: var RULE PATH ../snort_29189_fxp0/rules but I can't see any difference. If I press the update rules button it doesn't download anything and I'd prefer to get rid of that warning. Should I just move all the rules to the default ../rules directory instead of my interface subdirectory?
-
Keep an eye on this thread for updates:
http://forum.pfsense.org/index.php/topic,26382.45.html
I'll try to fix this since it seems the usual maintainer hasn't been around in a while.
-
Thanks, I actually have been keeping an eye on the main thread you linked to.
I realize my question may seem pretty stupid to others here, but I guess the main thing I was trying to ask was there any benefit to storing my rules in the interface's subdirectory rather than the general rules directory?
-
jimp has a proposed fix at the thread he links to above…