Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SNORT rule does not work!

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 2 Posters 583 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pink-hat
      last edited by

      hello

      I have a problem.
      I do these steps of snort for adjusting rule. (with Kali version in vmware)

      1. cd /etc/snort/rules
      2. sudo nano twitter.rules
      3. reject tcp any any -> any any (content:"www.twitter.com";msg:"Block lists";sid:1000001; )
      4. sudo nano /etc/snort/snort.conf
      5. Add –> include $RULE_PATH/twitter.rules
      6. sudo snort -A console -i eth0 -c /etc/snort/snort.conf -l /var/log/snort -K ascii

      after this steps , I received this message "commencing packet processing"
      but when I want to open twitter site , sometimes this site does not open but sometimes open!
      and also the msg for rule does not appear!

      I want to know why I can't block the site and get this message?!

      thanks

      1 Reply Last reply Reply Quote 0
      • H
        Harvy66
        last edited by

        Twitter is HTTPS. You can't see the content because it's encrypted.

        1 Reply Last reply Reply Quote 0
        • P
          pink-hat
          last edited by

          I just told one example, actually I have this problem with any website.
          and I don't want to see the content, I just want to block the site.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.