Snort 2.9.7.0 pkg v3.2.3 – Release Notes

bmeeks

Snort 2.9.7.0 pkg v3.2.3 – Package Update

This update for the Snort package corrects two user-reported bugs.

Bug Fixes

• Multiple cron task entries are generated when editing "rules update" and "remove blocked hosts" intervals.

• In rare instances, a blank network and subnet string results in an invalid single slash ('/') character in a PASS LIST.

Bill

chamele0n

Any known compatibility problems with the new pfSense 2.2? Will upgrading to 2.2 break snort?

fragged

@chamele0n:

Any known compatibility problems with the new pfSense 2.2? Will upgrading to 2.2 break snort?

Snort works fine on 2.2. The above two minor bugs were the only reported ones I've seen so far.

The next binary update will only work on 2.2.X.

chamele0n

@fragged:

@chamele0n:

Any known compatibility problems with the new pfSense 2.2? Will upgrading to 2.2 break snort?

Snort works fine on 2.2. The above two minor bugs were the only reported ones I've seen so far.

The next binary update will only work on 2.2.X.

Thanks Fragged. Good to hear.

bmeeks

@chamele0n:

Any known compatibility problems with the new pfSense 2.2? Will upgrading to 2.2 break snort?

As fragged stated, Snort works fine on 2.2 and has been 2.2 compatible for a long time.  The two bug fixes are minor changes.

Bug #1 was actually a regression bug.

Bug #2 has only been reported by one user, and so far as I can tell it is something unique in his environment. On an initial startup of Snort following a reboot, one interface that Snort auto-scans in his firewall to populate the default pass list and HOME_NET values has no IP address.  The code makes system calls for configured interfaces in order to get their IP address and subnet length.  It then puts those into the pass list and HOME_NET fields.  The code did not check the returned IP address and subnet values, and just assumed they would be OK.  That was my bad.  The result was, in his case, an entry in the pass list like this:  "/,192.168.0/24".  That leading slash came from not validating the returned network and mask values.  The fix simply checks the returned values and skips them if empty.

Bill

maverick_slo

THANK YOU BILL!
This one user reporting that issue has been probably mitigated :)

Also I think it was caused by occasional pppoe flap.
My DHCP WAN always came up OK, but pppoe (which has also Ipv6 on it) sometimes did not, and I think that was the case.

simby

Do we have snort 3.0 date in pfsense ?  8)

bmeeks

@simby:

Do we have snort 3.0 date in pfsense ?  8)

No.  Two external events have to occur first.  Those are (in order of occurrence):

1.  Snort 3.0 goes to RELEASE state

2.  The FreeBSD port of Snort updates to the 3.0 code base.

Until both of the events above transpire, the Snort package will stay on the 2.9.x code base.

Bill