Snort Alias Issue
-
I did a fresh install of pfSense 2.3.4. Using the package manager I've Installed snort-3.2.9.2_16 and I am trying to get it to use an alias pass list as before. So I click Services > Snort > Pass Lists Tab, rename it, fill out the description, I noticed that none of the "Auto Generated IP Addresses" are ticked this time, I associated that with a version change. When I type in the name of the alias I use for snort to ignore networks in "Assigned Alias", then click "Save" I get an error "FQDN aliases are not supported in Snort.".
Given that I'm not using domain names for the networks, only IP address' I thought I'd try some testing. As it turns out it doesn't matter what "Type" of alias I create. I am get the same error message, even if the alias doesn't have any address' in it.
Any ideas or suggestions?
-
What is the actual name of your alias? Does it contain any periods? Those might be misinterpreted as indicating a domain and hence the FQDN error message.
Bill
-
Hi.
The name I used was x_nets. I have changed it to a simple spl at the moment, I'm still working on the problem. After looking around I don't see many others having this issue. -
Hi.
The name I used was x_nets. I have changed it to a simple spl at the moment, I'm still working on the problem. After looking around I don't see many others having this issue.I just tested this in my own VM setup since I was updating the Snort package to support the latest 2.9.9.0 binary. I could not duplicate your issue. I created an alias and assigned it just fine to a PASS LIST.
Bill
-
Hi Bill,
Thanks for trying to track it down, I appreciate the help. I have no explanation as to why it was happening other than to say it was a glitch in the install?!?
I have wiped and re-installed pfSense/packages and everything seems to be working as it should. -
I had the same issue. Turned out I had bad entry in the whitelist alias, forgot to put 0's for the Net address. Corrected it and problem went away.