Suricata Ignoring IPs in Pass List Aliases (Yes I've Restarted)
-
@doktornotor thank you SO MUCH! This is the part that I was missing!!
@bmeeks I read the notes on the pass list screen like 12 times so a note there that it needs to be enabled on each interface would have definitely helped.
So that leads me to one more smaller question, now that I know that I can only have one pass list per interface, I have my alias lists all neat and organized into groups, so therefore I want multiple alias lists to be applied as pass lists to a given interface. Otherwise I either have to unorganize my aliases or duplicate them in one big "master" pass list alias list. Is there a third option that I'm unaware of? Is there a way to pull multiple lists together via a URL that pfSense provides for each alias like I can do with pfBlocker's blocklists?
-
I want multiple alias lists to be applied as pass lists to a given interface. Otherwise I either have to unorganize my aliases or duplicate them in one big "master" pass list alias list.
A firewall alias can contain other aliases…on the Firewall: Aliases page it says, "You can enter the name of an alias instead of the host, network or port in all fields that have a red background."
-
@teamits I completely missed that. That totally solves my problem. Thank you as well. I'm loving this community so far. :D
-
hi guys…
i recently update my pfsense to version 2.3-release as per snapshot attached...
apparently suricata do detect the alias i declare under firewall > alias > ip menu...
but only the "defaults" are available in the suricata > interfaces > wan settings > Networks Suricata Should Inspect and Protect drop down menu even though i already declare it in the pass list menu ...
please advise and thank you in advance
-
+1
I use suricata 3.0_5
Pass Lists created on the PASS LIST tab are not available in the drop-down for selection on the INTERFACE tab for a Suricata instance.
-
+1
I use suricata 3.0_5
Pass Lists created on the PASS LIST tab are not available in the drop-down for selection on the INTERFACE tab for a Suricata instance.
I had not noticed this. I will investigate. Thanks for the report.
Bill
-
+1
I use suricata 3.0_5
Pass Lists created on the PASS LIST tab are not available in the drop-down for selection on the INTERFACE tab for a Suricata instance.
I had not noticed this. I will investigate. Thanks for the report.
Bill
I second this. Just upgraded to 2.3 and it has suricata 3.0_5 the passlist are not selectable from the dropdowns in the interface.
-
+1 this issue as well. Just upgraded to 2.3 and Suricata will not allow me to use the custom alias for home net. I do not see a passlist anymore. ???
-
+1 this issue as well. Just upgraded to 2.3 and Suricata will not allow me to use the custom alias for home net. I do not see a passlist anymore. ???
There is a typo in the Bootstrap conversion code for Suricata. Actually the Snort version of a variable got pasted in there by yours truly without him realizing it. I found the bug and fixed it today in the version I will be posting very soon (hopefully on Thursday US Eastern time). I have one more issue I'm working on, then the pull request will be ready.
Bill
-
awesome…
i thought my configuration went south after the upgrade... :o :o :o
keep up the good work....
many thanks...
-
You rock Bill. Thank you!
