Snort whitelisting working?



  • It seems like I whitelist IPs and they are still subject to blocking. Anybody else seeing this? This is a pfSense 1.2.1-RC2 snapshot from last Sunday morning.



  • @t3rmin:

    It seems like I whitelist IPs and they are still subject to blocking. Anybody else seeing this? This is a pfSense 1.2.1-RC2 snapshot from last Sunday morning.

    Same here on 1.21 RC with latest snort.  I whitelisted my dyndns relay for email, and snort blocked it anyways.  I had to turn a rule off so that i can get mail again.  (I know what that means, but they just relay, I do the scanning on my end).

    a.r.



  • Confirm, whitelist is ignored.

    EDIT:

    1. add ip to whitelist

    2a)
        I ) unload the rule triggering the block and save changes
        II) reload the same rule and save changes

    2b) just restart snort to definitively whitelist IPs


Log in to reply