Snort - Unblock blacklisted hosts from the command line
-
Hi,
I' m testing Snort at Pfsense RC1 and I was wondering if I can unblock the blacklisted IPs from the command line.
Does anyone which is the configuration file with the blacklisted IPs?Thanks in advance
Antonios
-
They are held in a temporary table, they can be cleared with:
pfctl -t snort2c -T flush
or
pfctl -t snort2c -T delete
-
Thanks a lot jimp!
By the way, how does snort in pfsense add these rules on the fly? Is it compiled with snortsam or snort-inline, or do you use another trick?
-
I'm not sure of the details, it's changed a few times over the years, not sure what the package author has it doing these days.