Snort seemingly crashing PFsense

  • It seems that whenever I enabled Snort on my LAN and WAN interfaces, it crashes and I can no longer access the box though the GUI or SSH. Any ideas here? I have only the community rules enabled (all of them). CPU from TOP command on console shows it under 1% when this issue occurs. Plenty of RAM available. This is running as a VM in ESXi.

  • I figured this out. Apparently PING was enabled as part of the community rules and was triggering and blocking my IP!

  • Never enable Snort blocking without first running for at least a week or two and reviewing what it's triggering and disabling signatures as appropriate, as the default Snort ruleset is way too touchy to be blocking.

Log in to reply