Snort/Suricata Suggestion

fsansfil

Hello,

One of the main feature of pfsense is the ability to use aliases, almost everywhere….and its very well done!!

On firewall:Aliases there is 4 tabs; IP, PORT, URL, ALL

It would be nice if we could add a 5th tab called: IDS

On the IDS tab we could create any meta-variables using the $ operator of Snort or Suricata.

Example : $NTP_SERVERS...

Any aliases created on this tab could be invoked by IDS rules. That would make Snort and Suricata packages even more accessible, integrate pfsense DNA of aliases and make it even more customizable.

F.

BBcan177

Hi fsansfil,

This functionality already exists with both Snort and Suricata.

In each Interface, edit the Interface variables tab (ie "WAN Variables"), and enter a pre-defined pfSense Alias.

fsansfil

Hey BBcan,

I know, its really well done too…

But just wanted a simple way to add more $ operator with aliases ;)

F.

bmeeks

@fsansfil:

Hey BBcan,

I know, its really well done too…

But just wanted a simple way to add more $ operator with aliases ;)

F.

This idea would require changes within the pfSense code itself, and not just the Snort or Suricata package code.

Bill