Netgate Discussion Forum

    Snort & IP Blocklist & StrikeBack

      compucoder

      Does anyone know if it is beneficial to use IP Blocklist and StrikeBack when you also have Snort running? It seems to me that Snort already has rules in place to handle most bad things. I am using 2.0 RC3 and this system protects a corporate network. I do not want to add overhead and instability to the system if these 2 packages won't add any extra value for our type of environment.

      Btw, I have nearly every Snort category enabled with Auto Block on for 7 days. It catches a fair amount of bad connections but I have yet to encounter a false positive. I guess it is because I don't turn on the ShellCode rules. I find these rules heavily prone to false positives and am not entirely convinced most matched items are really that bad.

      Thanks.

        Cino

        The 3 packages each do something a little different. Snort is an IDS and can block if a fingerprint matches. IP-Blocklist is just that: it blocks IPs. StrikeBack, well, I don't know much about it since there are some bugs getting it to autostart. I ended up removing it from my system.

        I'm not sure if you need StrikeBack, but IP-Blocklist can't hurt. I use CountryBlock instead of IP-Blocklist. Almost the same thing, but I'm only looking to block certain countries. With IP-BL, you can put country ranges in it and add any kind of list.

        I have to do more reading about StrikeBack. I like the idea but I can't remember if it does this automatically. If not, it's not worth it then, because you can do it manually after checking your Snort log.

          compucoder

          I use Country Block too. It works great. I just wanted to block the main spammers and its top 10 list is perfect.

          I may not bother with IP Blocklist since I don't see any added value for our network.

          I agree on StrikeBack. If it doesn't auto block or auto something then I don't see the use. I don't have all day to monitor logs and manually block suspicious connections. I also like the idea of it but need to read more also.

            jigpe

            @ Cino

            • What's the requirement of IP-Blocklist (RAM)? Can we uninstall it too in 2.0? And also, can we add an exemption to this?

            jigp

              Cino

              @jigpe:

              @ Cino

              • What's the requirement of IP-Blocklist (RAM)? Can we uninstall it too in 2.0? And also, can we add an exemption to this?

              jigp

              I'm not really sure on the RAM, and I believe there is a whitelist function for it… There is a thread just for IP-Blocklist under the Packages board. You can install and uninstall with no issues under 2.0.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.