Snort 2.9.7.5 pkg v3.27 Update – Release Notes

bmeeks

Snort 2.9.7.5 pkg v3.2.7

This updates the Snort binary to version 2.9.7.5 and the GUI package to version 3.2.7. One new feature is introduced and three reported bugs are fixed in this release.

New Features

• The custom blocking Snort output plugin now includes code to monitor all of the firewall interfaces and automatically add the interface IP addresses to an internal Pass List so that firewall interface IPs themselves are never blocked. This is most helpful for users with a frequently updating dynamic WAN IP address. The blocking module will now be immediately notified of the updated WAN IP address and will add it to an internal automatic Pass List and remove the old IP from the same list. This should prevent inadvertent blocking of the WAN IP following an update via DHCP or other means from the upstream ISP. Similarly, other firewall interface IPs will be protected from inadvertent blocking. When an IP change is detected by Snort, a message will logged to the firewall system log.

Bug Fixes

• Proxy ARP virtual IPs are not included in default HOME_NET variable and PASS LIST.

• Add reminder to PASS LIST screen to assign any custom-generated lists to an interface.

• Dynamic IPs on firewall interfaces sometimes blocked after being updated. (see new feature for further details).

Bill

firewalluser

Thanks!  :D