Pfsense Snort not blocking
-
Greetings to Community members,
I just installed the Snort package and did some basic configuration:
LAN Categories:
Enabling : Resolve Flowbits
Enabling : Use IPS Policy
IPS Policy Selection : Security
Select the rulesets (Categories) Snort will load at startup
Only selected : openappid-vpn_tunneling.rules and openappid-proxy.rules
In "Available Rule Categories" I've disabled all others except the above two categories.
LAN Settings:
Enabling : block offender
Enabling : Kill state
Enabling : which ip to block : Both
Search Method : AC-BNFA
That's all; I started the service, yet nothing is blocked :/ . I wanted to block layer 7 apps, some VPN tunnels including OpenVPN, for my client so that they won't be able to bypass my pfBlocker.
Regards
-
Yet no response regarding this abnormal behavior of snort?
-
You said you just installed Snort...how do you know it's not blocking? Did you visit a site that's supposed to be blocked, yet you went to the site?
-
@NollipfSense said in Pfsense Snort not blocking:
You said you just installed Snort...how do you know it's not blocking? Did you visit a site that's supposed to be blocked, yet you went to the site?
It's not blocking: when I try to connect my OpenVPN client, it does connect me to my VPN server, which is supposed to be blocked as per the rule?
Regards
-
@scorpoin said in Pfsense Snort not blocking:
@NollipfSense said in Pfsense Snort not blocking:
You said you just installed Snort...how do you know it's not blocking? Did you visit a site that's supposed to be blocked, yet you went to the site?
It's not blocking: when I try to connect my OpenVPN client, it does connect me to my VPN server, which is supposed to be blocked as per the rule?
Regards
The default Pass List will whitelist locally attached networks including your VPN. If you don't want that default action, then you will need to create your own custom pass list.
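
A simplified model of the pass-list behaviour described in the reply above, added here as an illustration; it is not code from the thread or from the Snort package. It shows which addresses of one alert end up blocked with "which IP to block" set to Both, under a default-style pass list versus a custom one. The helper `blocked_ips` is hypothetical and all addresses and list contents are constructed.

```python
import ipaddress

# Constructed sample alert: a LAN client reaching a remote OpenVPN server.
ALERT = {"src": "192.168.1.50", "dst": "203.0.113.10"}

# Constructed stand-in for a default pass list:
# LAN subnet, VPN tunnel subnet, firewall WAN address.
DEFAULT_PASS_LIST = ["192.168.1.0/24", "10.8.0.0/24", "198.51.100.2/32"]

# Constructed custom pass list that keeps only the firewall's WAN address.
CUSTOM_PASS_LIST = ["198.51.100.2/32"]


def blocked_ips(alert, pass_list, which="BOTH"):
    """Return the alert addresses that would be blocked (hypothetical helper).

    Simplified model: an address covered by the pass list is never blocked,
    whatever "which IP to block" is set to.
    """
    nets = [ipaddress.ip_network(n) for n in pass_list]
    candidates = {
        "SRC": [alert["src"]],
        "DST": [alert["dst"]],
        "BOTH": [alert["src"], alert["dst"]],
    }[which]
    return [ip for ip in candidates
            if not any(ipaddress.ip_address(ip) in net for net in nets)]


if __name__ == "__main__":
    for name, plist in (("default", DEFAULT_PASS_LIST),
                        ("custom", CUSTOM_PASS_LIST)):
        print(name, "->", blocked_ips(ALERT, plist))
```

The model only applies once a rule has actually fired; with no alert, nothing is evaluated against the pass list.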