    Snort in 2.3.2 and /32s

      mattym last edited by

      Hi,

      Basically I have Snort installed on 2.3.2 pfSense. I need to whitelist networks as well as certain hosts. I've created a whitelist via a networks alias, attached this to a passlist, then enabled that under the WAN Snort interface. It seems to ignore a /32 and lets it get blocked. I'm in a catch-22, as I could add just a hosts list if that's the problem, but I need certain networks whitelisted. :/ Looking at its self-generated lists, it just has the IP for single hosts, as in no /32 after the IP, but that shouldn't really matter?

      thanks

      matt

        bmeeks last edited by

        The missing /32 on a single host should not matter.  Two things come to mind if you are still getting blocks on a whitelisted IP.

        1.  Did you go to the Snort Interface in EDIT mode, assign the whitelist in the appropriate drop-down, then save the update and restart Snort on the interface?

        2.  Do you by chance have a duplicate Snort process that may be ignoring your whitelist?  Under some conditions a duplicate Snort process can fire off for an interface. To check this execute this command from a shell prompt:

        
        ps -ax | grep snort
        
        

        That should show exactly one process per interface.  If you see more Snort processes than you have configured interfaces, then kill them all and restart Snort on each interface in the GUI.

        Bill
