Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort 3: Feature request, per rule/category ability to block, unblock?

    Scheduled Pinned Locked Moved IDS/IPS
    3 Posts 2 Posters 316 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C Offline
      cTar
      last edited by

      Snort 3 has been in development for years now and they have recently released a beta version.
      I understand from another Netgate forum post the 2.x.x.x version is too difficult to implement this functionality but am hopeful that with the Snort 3 release the ability to choose blocking per rule category might be possible.

      Just a thought. Thanks

      1 Reply Last reply Reply Quote 0
      • bmeeksB Offline
        bmeeks
        last edited by bmeeks

        This ability is now available for Snort 2.9.x on pfSense. It has just been released to pfSense-2.5-DEVEL this morning. It is called "Inline IPS Mode". The new package version is 4.0. It allows the user to configure specific rules or categories of rules to do one of the following: alert only, alert and drop or alert and reject. When using the new Inline IPS Mode, only DROP or REJECT rules will actually block traffic.

        I'm working on a "How-To" and set up post and will start a thread on that topic shortly.

        1 Reply Last reply Reply Quote 0
        • C Offline
          cTar
          last edited by

          Two great surprises in one day!

          Thanks again for your work.

          Bill

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.