Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Problems: snorts Blocks IPs

    pfSense Packages
    2
    3
    1.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cisc00
      last edited by

      Hello:

      I have installed pfsense 1.0.1 with snort  2.6.1.3_2.

      In the tab for snort settings (services -> snort), It is NOT checked the 'block offenders' check box to avoid blocking IPs that has generated a false positive snort alert. But sometimes when an alert is generated by Snort the IP is blocked and add to the 'snort blocked' list.
      I would like only, if it is possible, to generate alerts and not to block in any case any IP.

      Is it possible?

      Thanks, Angel.

      1 Reply Last reply Reply Quote 0
      • C
        cisc00
        last edited by

        Hello:

        Also, although the blocked IPs are in the whitelist (I can see them in the webgui interface and in the /var/db/whitelists file) they are blocked when an alert is generated :-(
        Is there any bug?

        Thanks

        1 Reply Last reply Reply Quote 0
        • T
          tomv
          last edited by

          I'm seeing the same thing.  I guess it's good to see I'm not the only one  :-\

          This is on a new install of the machine so Snort is the latest version.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.