Netgate Discussion Forum

    Can't enable some rulesets in Snort IDS/IPS

    • Mr_JinX

      Hi,

      I've noticed I can't enable some rules in the 2nd and 3rd columns. Does anyone know why? They seem to be grayed out, and when I go to select them I just get a red cross symbol.

      Running:

      pfSense 2.3.3-RELEASE-p1
      snort: 3.9.2.9_16

      Both are the latest.
      rules.PNG

      • u3c307

        Are you using IPS Policy? If you are, then depending on what you set, it's pre-defined, so you won't be able to check the others per policy. Uncheck "Use IPS Policy" and it should allow you to check whatever you want.

        • MikeV7896

          If you're using one of the pre-defined IPS Policy settings (Connectivity, Balanced or Security), then the Snort rules are automatically selected. If you also add OpenAppID and ET rules, then you can select those rules, as they are not part of the pre-defined Snort IPS policies.

          Here's a post from the Snort blog about how rules are put into each of the pre-defined policies. CVSS score, time, and certain policy groups play a factor in those pre-defined policies.

          The S in IOT stands for Security

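Added example, not part of any post in this thread and not pfSense or Snort project code: a small parser that lists which rules each pre-defined IPS policy (Connectivity, Balanced, Security) would pull in, which is why those categories cannot be ticked by hand while a policy is active. It assumes policy membership is recorded in each rule's `metadata` option as `policy <name>-ips <action>`; the rules and SIDs below are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample rules for illustration (placeholder SIDs, not real rule text).
# Assumption: policy membership is carried in each rule's metadata option as
# "policy <name>-ips <action>". A leading "#" marks a rule shipped commented out.
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE rule A"; content:"a"; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop, service http; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE rule B"; content:"b"; metadata:policy balanced-ips drop, policy security-ips drop; sid:1000002; rev:2;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"EXAMPLE rule C"; content:"c"; metadata:policy security-ips alert, service ftp; sid:1000003; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"EXAMPLE rule D"; content:"d"; sid:1000004; rev:1;)
'''

RULE_LINE = re.compile(r'^\s*(#\s*)?(?:alert|log|pass|drop|reject|sdrop)\s')
META_RE = re.compile(r'\bmetadata\s*:\s*([^;]+);')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')

def parse_rule(line):
    """Return {'sid', 'commented', 'policies'} for a rule line, else None."""
    head = RULE_LINE.match(line)
    sid = SID_RE.search(line)
    if not head or not sid:
        return None
    policies = {}
    for meta in META_RE.findall(line):        # a rule may carry several metadata options
        for item in meta.split(','):
            parts = item.split()
            if len(parts) == 3 and parts[0] == 'policy':
                policies[parts[1]] = parts[2]  # e.g. {'balanced-ips': 'drop'}
    return {'sid': int(sid.group(1)), 'commented': bool(head.group(1)),
            'policies': policies}

def rules_for_policy(text, policy):
    """Map SID -> action for every rule tagged with the given policy name."""
    parsed = filter(None, map(parse_rule, text.splitlines()))
    return {r['sid']: r['policies'][policy] for r in parsed if policy in r['policies']}

def untagged_sids(text):
    """SIDs of rules that belong to no pre-defined policy."""
    parsed = filter(None, map(parse_rule, text.splitlines()))
    return [r['sid'] for r in parsed if not r['policies']]

if __name__ == '__main__':
    for name in ('connectivity-ips', 'balanced-ips', 'security-ips'):
        print(name, rules_for_policy(SAMPLE_RULES, name))
    print('no policy:', untagged_sids(SAMPLE_RULES))
```

Rules that carry no policy tag, like sample rule D, are only picked up when their category is selected manually with the IPS policy option turned off.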
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.