IPS Mode on Snort Pfsense
-
How do I put Snort on pfSense into IPS mode? When I attacked my webserver, Snort could only detect it (IDS mode). In the Snort configuration, I checked blocked offenders and the IPS policy is Security. So how do I make Snort prevent attacks?
Thank you
-
Snort is currently incapable of operating in Inline IPS Mode on pfSense. Now if you really are asking how to put Snort in blocking mode, you do that on the INTERFACE SETTINGS tab for the interface. There is a configuration option to enable blocking and set some other related parameters. Make the changes there, save them, then restart Snort on the interface.
Bill
-
What are the parameters? Can you give me step-by-step instructions for that?
-
You will find the settings along with helpful hints about what they do on the INTERFACE SETTINGS tab for the Snort interface. I don't mean to be rude, but if you can't figure that part out from the GUI, then enabling blocking is not going to be a good experience for you. Expect lots of Internet breakage unless you thoroughly understand the ramifications of enabling the various rules and understand how to configure suppression lists applicable to your network environment. Using an IPS is not easy! It requires tuning that is specific to your network environment and devices. You can't just "turn it on" and have it work without any other actions on your part. An IPS is not as easy to implement as say an anti-virus package.
Here is a sticky thread I created about four years ago for setting up Snort – https://forum.pfsense.org/index.php?topic=61018.0
Bill
-
Thank you for the information, but I have finished following it step by step. Is there any alternative to block an attacker, like port scanning?