Snort - Snort Interfaces > WAN Rules > Categories are blank
-
Hey all, just started using the snort package and noticed there are… no rules. If I look at the interfaces, I see it's running, and enabled for the interface, but there are no rules defined:
https://www.dropbox.com/s/w5aqsa63w1q6ozi/snortinterfaces.JPG
So then I edit the interface, click on WAN Rules… aaand there's nothing.
There's a Category: custom_rules, but there's nothing else to choose from... are there presets by default? From some cursory looks it seems others have options to select from for categories and such. But... where am I going wrong here?
https://www.dropbox.com/s/awnrz8627vz2hqp/customrules.JPG
-
Follow the setup instructions in this sticky thread posted at the top of the Packages forum: http://forum.pfsense.org/index.php/topic,61018.0.html
From your description, it sounds like you have not gone to the Global Settings tab and enabled any rule sets for download (Snort VRT, Emerging Threats and/or Snort GPLv2 Community Rules). If you have not done so yet, read all the posts in the thread I linked. That should get you going. If not, post back and the team here can assist.
One note about the linked post: it refers to the "green icon" when starting the Snort interfaces. That was the old icon. In the current Snort package, the icon for the interface will be a red X when Snort is not running, and a green arrow point when Snort is running. Unfortunately I am unable to edit that old post to correct the misinformation. :(
Bill
-
Got it, thank you!