pfSense 2.4.2-RELEASE-p1
-
Hi,
I have upgraded to 2.4.2-RELEASE-p1 and it is nice to have the addition of the "Click to force a different action for this rule" option under Alerts on Suricata. The only comment I have so far is that I hope they will add in the future that, when a GID:SID is set to a specific action on an interface like WAN, there is at least an option that prompts or has check boxes for whether or not you want to apply it to other interfaces on your pfSense box as well.
My question is, where can I check in pfSense the GID:SIDs that I have been setting to DROP through the option above? I used to manually copy the GID:SID and paste it into a dropsid configuration file under SID Mgmt, and I don't see anything new there that I have been setting to DROP lately.
Thanks.
-
When you "force" different rule actions on the ALERTS or RULES tabs, those changes are saved in a special section of the firewall configuration file, config.xml. They are not written to any of the SID MGMT configurations. Go check out this sticky post at the top of the forum: https://forum.pfsense.org/index.php?topic=145467.0. User overrides are the last actions processed as the rules are built for an interface. If you want to see what rules you have user overrides for, go to the RULES tab and view using one of the new categories listed in the drop-down there. There are categories for each class of applicable user overrides.
The software version you quoted as upgrading to is for pfSense itself. That is not the version of Suricata. Suricata's version is currently 4.0.4.
Bill
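Added example, not part of Bill's reply and not code from the Suricata package: a script that lists the forced rule actions stored in a backup of config.xml for each interface and shows which DROP overrides set on one interface are missing on another. The element names (`installedpackages/suricata/rule`, `rule_sid_force_alert`, `rule_sid_force_drop`, `rule_sid_force_reject`) and the `gid:sid||gid:sid` value format are assumptions that the thread does not state, and the sample config and SIDs are constructed.

```python
import xml.etree.ElementTree as ET

# ASSUMED layout (not given in the thread): one <rule> element per Suricata
# interface, forced actions stored as "gid:sid||gid:sid" strings in these tags.
RULE_PATH = "./installedpackages/suricata/rule"
OVERRIDE_TAGS = {"alert": "rule_sid_force_alert",
                 "drop": "rule_sid_force_drop",
                 "reject": "rule_sid_force_reject"}

# Constructed sample, not taken from a real firewall.
SAMPLE_CONFIG = """<pfsense><installedpackages><suricata>
  <rule><interface>wan</interface>
    <rule_sid_force_drop>1:2008578||1:2010937</rule_sid_force_drop>
    <rule_sid_force_alert>1:2013028</rule_sid_force_alert></rule>
  <rule><interface>lan</interface>
    <rule_sid_force_drop>1:2008578</rule_sid_force_drop></rule>
</suricata></installedpackages></pfsense>"""


def parse_sid_list(text):
    """Split a 'gid:sid||gid:sid' string into a set of (gid, sid) tuples."""
    sids = set()
    for item in (text or "").split("||"):
        gid, sep, sid = item.strip().partition(":")
        if sep and gid.isdigit() and sid.isdigit():
            sids.add((int(gid), int(sid)))
    return sids


def forced_actions(config_xml):
    """Return {interface: {action: set of (gid, sid)}} from config.xml text."""
    result = {}
    for rule in ET.fromstring(config_xml).findall(RULE_PATH):
        iface = rule.findtext("interface", default="unknown")
        result[iface] = {action: parse_sid_list(rule.findtext(tag))
                         for action, tag in OVERRIDE_TAGS.items()}
    return result


def missing_on(overrides, action, source, target):
    """SIDs forced to `action` on `source` but absent on `target`."""
    return sorted(overrides[source][action] - overrides[target][action])


if __name__ == "__main__":
    ov = forced_actions(SAMPLE_CONFIG)
    print("drop on wan, not on lan:", missing_on(ov, "drop", "wan", "lan"))
```

Run it against a downloaded configuration backup rather than editing the live file; if the element names differ in your config.xml, change `RULE_PATH` and `OVERRIDE_TAGS` to match.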