4. Scheduled emptying of block list?

Scheduled emptying of block list?

  • D

    I know I can schedule things via cron and the like, but is there a command to empty the Snort/Suricata blocklist on a regular basis?  I know I can set how long a block lasts, but I want to be able to just empty the list on a regular basis.  We are having a tough time figuring out what rules are causing some of our critical services to be blocked, so for now, until I can sort it all out, i want to just dump the block list on a regular basis.

    I've searched but not found anything on this, please simply point me in the right direction if you know there is a solution and I just couldn't search properly.

    Thanks.

    0
  • Moderator

    For the first few weeks or so, best to use Snort/Suricata in Non-Blocking mode…. This gives you time to tune it to your network without actually blocking anything...

    otherwise this command will flush the table...

    pfctl -t snort2c -T flush
    0
  • D

    Thanks.  I would love to be running in NB mode, but we're in full swing for classes and if I run in NB mode the RIAA, MPAA and anyone else with copyright grievances will be breathing down my neck… students just won't turn off their BitTorrent clients.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy