Problems: snorts Blocks IPs
-
Hello:
I have installed pfsense 1.0.1 with snort 2.6.1.3_2.
In the tab for snort settings (services -> snort), It is NOT checked the 'block offenders' check box to avoid blocking IPs that has generated a false positive snort alert. But sometimes when an alert is generated by Snort the IP is blocked and add to the 'snort blocked' list.
I would like only, if it is possible, to generate alerts and not to block in any case any IP.Is it possible?
Thanks, Angel.
-
Hello:
Also, although the blocked IPs are in the whitelist (I can see them in the webgui interface and in the /var/db/whitelists file) they are blocked when an alert is generated :-(
Is there any bug?Thanks
-
I'm seeing the same thing. I guess it's good to see I'm not the only one :-\
This is on a new install of the machine so Snort is the latest version.