Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort seemingly crashing PFsense

    Scheduled Pinned Locked Moved IDS/IPS
    3 Posts 2 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      louiss
      last edited by

      It seems that whenever I enabled Snort on my LAN and WAN interfaces, it crashes and I can no longer access the box though the GUI or SSH. Any ideas here? I have only the community rules enabled (all of them). CPU from TOP command on console shows it under 1% when this issue occurs. Plenty of RAM available. This is running as a VM in ESXi.

      1 Reply Last reply Reply Quote 0
      • L
        louiss
        last edited by

        I figured this out. Apparently PING was enabled as part of the community rules and was triggering and blocking my IP!

        1 Reply Last reply Reply Quote 0
        • C
          cmb
          last edited by

          Never enable Snort blocking without first running for at least a week or two and reviewing what it's triggering and disabling signatures as appropriate, as the default Snort ruleset is way too touchy to be blocking.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.