Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Possible bug with SnortWhitelist management

    Scheduled Pinned Locked Moved IDS/IPS
    1 Posts 1 Posters 481 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      MrEmbedded
      last edited by

      Hi All,

      Pfsense 2.3.2(i386)
      Snort  3.2.9.1_14

      I've added a an entire /20 (4097 entries) subnet to the SnortWhitelist alias using the PFSense Gui.  However now it seems that I can no longer edit that particular alias the page times out and loads blank.  I took a look at an exported configuration and realized that the way that the data is stored is an individual IP address entry is created for each IP in the subnet.

      I suspect that if I manually remove all of those IPs from the config and reapply it, then editing this SnortWhitelist alias will function normally again.

      Is this a bug or just the way it works?  I would have thought pagination would kick in or at least in the GUI the representation would be a single line with the network notation designating the range.

      Maybe this is more of an alias  issue than a snort one specifically.

      I would think a workaround would be for snort to leverage the URL aliases instead of the host ones.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.