Cant enable some rulesets in Snort IDS/IPS



  • Hi,

    I've noticed I cant enable some rules in the 2nd and 3rd column, does anyone know why? they seem to be grayed out and when i go to select them i just get a red cross symbol.

    Running;

    Pfsense  2.3.3-RELEASE-p1
    snort: 3.9.2.9_16

    Both are the latest,



  • Are you using IPS policy? If you are then depends on what you set to it's pre-defined so you won't be able to check the others per policy. Uncheck use IPS policy and it should allow you to check whatever you want.



  • If you're using one of the pre-defined IPS Policy settings (Connectivity, Balanced or Security), then the Snort rules are automatically selected. If you also add OpenAppID and ET rules, then you can select those rules, as they are not part of the pre-defined Snort IPS policies.

    Here's a post from the Snort blog about how rules are put into each of the pre-defined policies. CVSS score, time, and certain policy groups play a factor in those pre-defined policies.


Log in to reply