pfSense 2.2 Snort pkg versions have been EOL'd, rules aren't updating



  • As of 2017-05-16 my Snort rules stopped updating:

    Starting rules update...  Time: 2017-05-18 08:17:02
    	Downloading Snort VRT rules md5 file snortrules-snapshot-2976.tar.gz.md5...
    	Snort VRT rules md5 download failed.
    	Server returned error code 422.
    	Server error message was: 
    	Snort VRT rules will not be updated.
    	Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
    	Checking Snort GPLv2 Community Rules md5 file...
    	Snort GPLv2 Community Rules are up to date.
    	Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
    	Checking Emerging Threats Open rules md5 file...
    	Emerging Threats Open rules are up to date.
    The Rules update has finished.  Time: 2017-05-18 08:17:04
    

    According to the Snort mailing list, server code 422 means the version of rules you're attempting to download has been removed as a result of their EOL policy.



  • Clarification: This is on pfSense 2.2.4 Snort 2.9.7.6 pkg v3.2.9.1.

    EDIT: And upon further research, I see the Snort package on pfSense 2.3 is updated to a non-EOL version. Looks like it's time for me to upgrade!



  • Yep, the current pfSense release versions and the 2.4-BETA have supported versions of Snort. As soon as FreeBSD ports updates to a new Snort version, I try to get it submitted to the pfSense team for inclusion in the current release. It is oftentimes not possible to backport a new Snort to older pfSense versions due to changes in other dependent libraries. Best to try and keep your pfSense installs in sync with the current release.

    Bill
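
An added example, not part of the original thread or the pfSense Snort package: a Python check that reads an update log in the format shown in the first post and reports rule sets that failed to download, flagging HTTP 422 as a likely EOL removal as described above. The function names, the sample log (constructed from the post's format), and the digit-to-version mapping (inferred from the thread pairing `snortrules-snapshot-2976` with Snort 2.9.7.6) are assumptions.

```python
import re

# Constructed sample: same format as the update log in the post above.
SAMPLE_LOG = """\
Starting rules update...  Time: 2017-05-18 08:17:02
\tDownloading Snort VRT rules md5 file snortrules-snapshot-2976.tar.gz.md5...
\tSnort VRT rules md5 download failed.
\tServer returned error code 422.
\tServer error message was: 
\tSnort VRT rules will not be updated.
\tDownloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
\tChecking Emerging Threats Open rules md5 file...
\tEmerging Threats Open rules are up to date.
The Rules update has finished.  Time: 2017-05-18 08:17:04
"""

START = re.compile(r"Starting rules update\.\.\.\s+Time: (\S+ \S+)")
DOWNLOAD = re.compile(r"Downloading (.+?) md5 file (\S+?)\.\.\.$")
HTTP_ERR = re.compile(r"Server returned error code (\d+)\.")
SNAPSHOT = re.compile(r"snortrules-snapshot-(\d{4,})\.")


def snapshot_version(filename):
    """Assumption: snapshot digits map as 2976 -> 2.9.7.6 (pairing seen in the thread)."""
    m = SNAPSHOT.search(filename)
    if not m:
        return None
    d = m.group(1)
    return ".".join([d[0], d[1], d[2:-1], d[-1]])


def failed_updates(log_text):
    """Return one finding per rule set that a run failed to download."""
    findings, run_time, current = [], None, None
    for line in log_text.splitlines():
        line = line.strip()
        if m := START.search(line):
            run_time, current = m.group(1), None
        elif m := DOWNLOAD.search(line):
            current = {"run": run_time, "ruleset": m.group(1), "file": m.group(2),
                       "snort_version": snapshot_version(m.group(2)),
                       "http_status": None, "eol_suspected": False}
        elif current and line.endswith("md5 download failed."):
            findings.append(current)
        elif current and (m := HTTP_ERR.search(line)):
            current["http_status"] = int(m.group(1))
            # Per the thread, 422 means the rule version was removed under the EOL policy.
            current["eol_suspected"] = current["http_status"] == 422
    return findings
```

A non-empty result from `failed_updates()` means the sensor is running on stale signatures for that rule set, even though the update job itself reports that it finished.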