Snort seemingly crashing pfSense
-
It seems that whenever I enable Snort on my LAN and WAN interfaces, it crashes and I can no longer access the box through the GUI or SSH. Any ideas here? I have only the community rules enabled (all of them). CPU from TOP command on console shows it under 1% when this issue occurs. Plenty of RAM available. This is running as a VM in ESXi.
-
I figured this out. Apparently PING was enabled as part of the community rules and was triggering and blocking my IP!
-
Never enable Snort blocking without first running for at least a week or two and reviewing what it's triggering and disabling signatures as appropriate, as the default Snort ruleset is way too touchy to be blocking.
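
One way to do the review described above, as an added example that is not part of the original thread: it tallies alerts per signature from Snort "fast" format alert lines and lists which trusted hosts each signature would have blocked. The sample log, SIDs, messages, addresses and the `review` helper are constructed for illustration, and it assumes a block would apply to the alert's source address.

```python
import ipaddress
import re

# Snort "fast" alert line:
#   timestamp [**] [gid:sid:rev] msg [**] [Classification: ..] [Priority: n] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)

# Constructed sample alerts (SIDs, messages and addresses are made up).
SAMPLE_LOG = """\
01/10-09:15:01.100000  [**] [1:1000001:1] EXAMPLE ICMP echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.50 -> 192.168.1.1
01/10-09:15:02.100000  [**] [1:1000001:1] EXAMPLE ICMP echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.50 -> 192.168.1.1
01/10-09:20:11.200000  [**] [1:1000002:2] EXAMPLE suspicious user-agent [**] [Classification: Misc activity] [Priority: 2] {TCP} 203.0.113.7:44321 -> 192.168.1.20:80
this line is not an alert
"""

def host_of(endpoint):
    """Return the IP of 'a.b.c.d', 'a.b.c.d:port' or a bare IPv6 address."""
    if endpoint.count(":") == 1:          # IPv4 with a port suffix
        endpoint = endpoint.rsplit(":", 1)[0]
    return ipaddress.ip_address(endpoint)

def review(log_text, trusted_nets):
    """Count alerts per gid:sid and collect trusted source hosts per signature."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    report = {}
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue                      # skip anything that is not an alert
        entry = report.setdefault(
            f"{m['gid']}:{m['sid']}",
            {"msg": m["msg"], "count": 0, "trusted_sources": set()},
        )
        entry["count"] += 1
        try:
            src = host_of(m["src"])
        except ValueError:
            continue                      # unparseable address: counted, not classified
        if any(src in net for net in nets):
            entry["trusted_sources"].add(str(src))
    return report

if __name__ == "__main__":
    # Signatures with trusted sources are the ones to tune before enabling blocking.
    for sig, e in sorted(review(SAMPLE_LOG, ["192.168.1.0/24"]).items()):
        flag = "WOULD BLOCK TRUSTED HOST" if e["trusted_sources"] else "ok"
        print(f"{sig:12} {e['count']:4}  {e['msg']}  {sorted(e['trusted_sources'])}  {flag}")
```
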