Snort ignoring passlist after update
-
I recently updated to Snort 2.9.6.2 pkg v3.1.1
Prior to the update my passlist was working correctly, now Snort is blocking the addresses in the passlist
The IP's in my alias/passlist are all CIDR and not domains
To fix this I tried:
1. Removing/recreating the passlist
2. Removing/recreating the referenced alias
3. Reloading filters
4. Restarting service
5. Restarting server
6. Reinstalled SnortBut alas IP's in my passlist keep getting added to the Blocked table
I even compared an XML backup of Pfsense prior to the update with an XML backup after, my Snort settings are the same as they were when it was working
Can someone help me in the right direction to diagnose this?
Thanks
-
Out of curiosity, if you add some /32 IP addresses instead of CIDR to the "Alias", does Snort allow those IPs to "pass"?
-
Thanks for your reply BBcan177
I just realized that the 'pass list' dropdown under Interface/WAN settings had been reset to default!
DOH
-
Happens to everyone at some time or another … :)