Netgate Discussion Forum

    Snort doesn't refer to pass list…

      HDM21KW

      https://www.youtube.com/watch?v=o3u7BJRW1ek
      I referred to this URL and somehow got Snort set up. But a few minutes later, e-mail (I use Thunderbird) couldn't connect to the mail server. Then I looked at the Blocked tab and found the cause (the POP3 server's address is there). I went back to the pfSense top screen, went to Firewall -> Aliases, registered the IP address (named pop3_allow), then went to the Snort service screen, Pass Lists tab, and added the alias containing the IP addresses made in the Aliases tab.

      But e-mail still can't connect to the POP3 servers… The pass list is registered, so Snort should not block/investigate these IP addresses and should let them through. Do I need to add more settings in the Snort menu? Please instruct me how to set it up :'(.

      Thanks for reading!

        BBcan177 Moderator

        Did you clear the IP in the "Blocked" tab?

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          HDM21KW

          Thanks for the reply. I tried clearing the IP in the Blocked tab; the whole IP list was cleared, and e-mail temporarily worked. But a few minutes later, the POP3 server's address popped up in the Blocked tab again…

          My settings are below, in case they are of use in finding the problem.

            BBcan177 Moderator

            Try to stop/start the Snort Interface where the alert is occurring.

              HDM21KW

              Thanks for the reply. I think POP3 access seems to stay blocked as long as the IP remains in Snort's block list. With the POP3 IP remaining in the block list, even if I disable Snort (in WAN Settings) or stop it (Status: Services), e-mail doesn't work.

              And I retried clearing the block list. Even with Snort off/stopped, it seems to run somewhere (POP3 is blocked), but once the block list was cleared, e-mail access worked.

              That is roughly how my situation looks for now. Waiting for your reply. :)

                bmeeks

                @HDM21KW:

                https://www.youtube.com/watch?v=o3u7BJRW1ek
                I referred to this URL and somehow got Snort set up. But a few minutes later, e-mail (I use Thunderbird) couldn't connect to the mail server. Then I looked at the Blocked tab and found the cause (the POP3 server's address is there). I went back to the pfSense top screen, went to Firewall -> Aliases, registered the IP address (named pop3_allow), then went to the Snort service screen, Pass Lists tab, and added the alias containing the IP addresses made in the Aliases tab.

                But e-mail still can't connect to the POP3 servers… The pass list is registered, so Snort should not block/investigate these IP addresses and should let them through. Do I need to add more settings in the Snort menu? Please instruct me how to set it up :'(.

                Thanks for reading!

                As the final step, after you created and saved the passlist_10385 entry, did you then go to your WAN SETTINGS in Snort and assign that pass list name to the running interface and then restart the interface?

                Post a screenshot of the WAN SETTINGS tab from your Snort instance showing the assigned PASS LIST.

                Bill

                  HDM21KW

                  Thanks for the reply. Following your instructions, and after restarting pfSense, Snort recognizes my whitelist! E-mail works well, but hosts needed for port 80/443 access were in the blocked hosts list, so I individually add the needed IPs/networks (Akamai, etc…). It takes some time, but once this is set up, it will be all right afterwards.

                  The Snort WAN Settings -> Pass List field is below.

                  Thanks for the reply, my Snort problem is solved :D

                    bmeeks

                    @HDM21KW:

                    Thanks for the reply. Following your instructions, and after restarting pfSense, Snort recognizes my whitelist! E-mail works well, but hosts needed for port 80/443 access were in the blocked hosts list, so I individually add the needed IPs/networks (Akamai, etc…). It takes some time, but once this is set up, it will be all right afterwards.

                    The Snort WAN Settings -> Pass List field is below.

                    Thanks for the reply, my Snort problem is solved :D

                    Glad you got it working.  That final step of actually assigning the Pass List to the desired interface is frequently missed.

                    Bill
