Snort fail to start



  • May 16 00:46:47 snort 54384 FATAL ERROR: /usr/local/etc/snort/snort_21299_em0/snort.conf(5) Failed to parse the IP address: [1.9.0.0/16,1.32.0.0/17,8.8.4.4/32,8.8.8.8/32,14.102.144.0/22,14.102.144.0/23,14.102.144.0/24,14.102.145.0/24,14.102.146.0/24,14.102.147.0/24,14.102.148.0/24,14.102.149.0/24,14.102.150.0/24,14.102.151.0/24,23.6.120.0/24,23.51.32.0/20,23.51.48.0/20,23.197.60.0/23,23.200.82.0/23,23.201.156.0/22,23.212.55.0/24,23.251.122.0/24,27.131.32.0/19,36.255.140.0/24,42.188.0.0/14,43.228.244.0/22,43.228.244.0/24,43.228.245.0/24,43.228.246.0/24,43.228.247.0/24,43.246.176.0/22,43.246.176.0/24,43.246.177.0/24,43.246.178.0/24,43.246.179.0/24,43.251.208.0/24,43.251.209.0/24,43.251.210.0/24,43.251.211.0/24,45.64.168.0/23,45.64.168.0/24,45.64.169.0/24,45.64.170.0/23,45.64.170.0/24,45.64.171.0/24,45.117.122.0/24,45.126.88.0/23,58.26.0.0/16,58.27.0.0/17,58.84.8.0/22,58.84.16.0/22,58.84.40.0/22,58.84.40.0/24,58.84.41.0/24,58.84.42.0/24,58.84.43.0/24,60.48.0.0/14,60.52.0.0/15,60.54.0.0/16,61.11.208.0/20,68

    I found similar post having the same problem

    https://forum.pfsense.org/index.php?topic=80035.msg436963

    I wonder if this is the same bug?

    This only happen when the aliase have more than 207 lines of IP/CIDR. A "" is added into the HOME_NET.
    P/S. Please refer attachment

    Another problem/bug I found, when adding or saving an aliase, the "Import" button will disappear.

    The version if this help.

    2.4.3-RELEASE-p1 (amd64)
    built on Thu May 10 15:02:52 CDT 2018
    FreeBSD 11.1-RELEASE-p10

    Edit:
    Snort version 3.2.9.6_1