Possible bug with SnortWhitelist management
-
Hi All,
Pfsense 2.3.2(i386)
Snort 3.2.9.1_14I've added a an entire /20 (4097 entries) subnet to the SnortWhitelist alias using the PFSense Gui. However now it seems that I can no longer edit that particular alias the page times out and loads blank. I took a look at an exported configuration and realized that the way that the data is stored is an individual IP address entry is created for each IP in the subnet.
I suspect that if I manually remove all of those IPs from the config and reapply it, then editing this SnortWhitelist alias will function normally again.
Is this a bug or just the way it works? I would have thought pagination would kick in or at least in the GUI the representation would be a single line with the network notation designating the range.
Maybe this is more of an alias issue than a snort one specifically.
I would think a workaround would be for snort to leverage the URL aliases instead of the host ones.