Netgate Discussion Forum

    Change Homenet Snort

    • supermega

      Hi guys

      I have a bunch of VLANs configured on my Snort box. Now I'm trying to set up Snort only for a few interfaces. The main problem is that if I add a VLAN interface to Snort, all networks are listed in the default homenet.

      How can I create a homenet for each interface?

      I'm running on pfSense 2.1-release and Snort 2.9.5.5 pkg v3.0.1

      regards

      supermega

      • bmeeks

        @supermega:

        Hi guys

        I have a bunch of VLANs configured on my Snort box. Now I'm trying to set up Snort only for a few interfaces. The main problem is that if I add a VLAN interface to Snort, all networks are listed in the default homenet.

        How can I create a homenet for each interface?

        I'm running on pfSense 2.1-release and Snort 2.9.5.5 pkg v3.0.1

        regards

        supermega

        The default in the GUI is to automatically add all locally-attached networks to HOME_NET.  You can defeat this and configure your own HOME_NET, but the process is counterintuitive.

        1. First, create an Alias containing the subnet you want to be HOME_NET for the interface.  Do this under Firewall…Aliases.

        2. Now go to the Whitelists tab and create a new whitelist.  Give a name that is related to the interface and then maybe add homenet on the end (optional).

        3. In this new whitelist, under the "Add auto-generated IP addresses" section, uncheck Local Networks.

        4. At the bottom of the whitelist page, start typing the name of the Alias created in step #1.  It should auto-populate.  Select it and then save the new whitelist.

        5. Lastly, go to the Snort interface where you want to set a custom HOME_NET.  Edit the interface and scroll down toward the bottom of the page.  In the Home Net drop-down, choose the newly created whitelist.  Save the changes and restart Snort on the interface.

        The counterintuitive part is that although it says "whitelist", it actually is just a list of networks or hosts that you tell Snort what to do with.  For example, it can treat the list as a HOME_NET or as a true whitelist of "never block" IPs.

        Bill

        • gogol

          The default in the GUI is to automatically add all locally-attached networks to HOME_NET.  You can defeat this and configure your own HOME_NET, but the process is counterintuitive.

          If I remember correctly, as an alternative you can also define your own HOME_NET in the "Advanced configuration pass-through" section of the interface settings. The default HOME_NET will be overruled.

          • bmeeks

            @gogol:

            The default in the GUI is to automatically add all locally-attached networks to HOME_NET.  You can defeat this and configure your own HOME_NET, but the process is counterintuitive.

            If I remember correctly, as an alternative you can also define your own HOME_NET in the "Advanced configuration pass-through" section of the interface settings. The default HOME_NET will be overruled.

            True, this method will also work.

            Bill
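
Whichever method from the thread is used (the custom whitelist or the pass-through definition), the result can be checked after restarting Snort by comparing the HOME_NET line in that interface's snort.conf with the subnet you intended. The script below is an added example, not part of the thread or of the Snort package; the config excerpt, the addresses, `$LAB_NETS` and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed snort.conf excerpt; addresses and $LAB_NETS are made up.
SAMPLE_CONF = """\
ipvar HOME_NET [192.168.10.0/24,192.168.20.0/24,10.0.5.1,!192.168.10.99,$LAB_NETS]
ipvar EXTERNAL_NET !$HOME_NET
"""

def home_net_entries(conf_text):
    """Return the raw entries of every HOME_NET definition in conf_text."""
    values = re.findall(r"^\s*(?:ipvar|var)\s+HOME_NET\s+(\S.*)$", conf_text, re.M)
    if not values:
        raise ValueError("no HOME_NET definition found")
    entries = []
    for value in values:
        if "![" in value:
            # Flattening would lose which addresses a negated group covers.
            raise ValueError("negated group in HOME_NET, review by hand")
        # Lists may be nested in brackets; drop brackets and whitespace.
        flat = re.sub(r"[\[\]\s]", "", value)
        entries.extend(e for e in flat.split(",") if e)
    return entries

def _inside(a, b):
    """True if network a lies entirely within network b."""
    return a.version == b.version and a.subnet_of(b)

def audit_home_net(conf_text, intended):
    """Compare HOME_NET with the subnets intended for this interface.

    Returns (unexpected, missing, review): HOME_NET networks outside the
    intended subnets, intended subnets HOME_NET does not cover, and entries
    (negations, variables, 'any') that need a manual look.
    """
    wanted = [ipaddress.ip_network(s) for s in intended]
    nets, review = [], []
    for entry in home_net_entries(conf_text):
        if entry.startswith(("!", "$")) or entry == "any":
            review.append(entry)
        else:
            nets.append(ipaddress.ip_network(entry, strict=False))
    unexpected = [str(n) for n in nets if not any(_inside(n, w) for w in wanted)]
    missing = [str(w) for w in wanted if not any(_inside(w, n) for n in nets)]
    return unexpected, missing, review

if __name__ == "__main__":
    print(audit_home_net(SAMPLE_CONF, ["192.168.10.0/24"]))
```

A non-empty `unexpected` list means other locally-attached networks are still being treated as HOME_NET on that interface.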
