Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    (Solved)Snort ACL exist?

    Scheduled Pinned Locked Moved IDS/IPS
    3 Posts 2 Posters 666 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • perikoP
      periko
      last edited by periko

      Been working with snort this couple of weeks, which is a excellent piece of software and pfsense have done a great work in the integration.

      My question is related to ACL maybe snort doesn't know anything related to this stuff like squid does.

      Is possible to apply some rules to some LAN IP's for example, like a ACL?

      LAN IP-x u will be blocked by the rules social-media/media-streaming.
      LAN IP-y u will be blocked by rules media-streaming/webservices.

      Is possible this or snort doesn't work this way?

      Just curious, running latest pfsense 2.4.4_p2, thanks.

      Necesitan Soporte de Pfsense en México?/Need Pfsense Support in Mexico?
      www.bajaopensolutions.com
      https://www.facebook.com/BajaOpenSolutions
      Quieres aprender PfSense, visita mi canal de youtube:
      https://www.youtube.com/c/PedroMorenoBOS

      1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks
        last edited by bmeeks

        Snort can use the OpenAppID Layer 7 detection preprocessor to do what you want. You will have to write your own custom rules, though. Some info to get you started can be found here: https://docs.netgate.com/pfsense/en/latest/ids-ips/setup-snort-package.html#application-id-detection-with-openapp-id. To get a feel for writing your own rules (or copying and then customizing one of the existing rules), enable OpenAppID as shown in this doc. Then go to the RULES tab and open some of the OpenAppID rule category files from the drop-down selector. They will all have the prefix "openappid".

        And here is a YouTube video produced by a third-party showing the use of OpenAppID: https://www.youtube.com/watch?v=-GgqYq5-EBg.

        perikoP 1 Reply Last reply Reply Quote 0
        • perikoP
          periko @bmeeks
          last edited by

          @bmeeks reading learning, thanks again!!!

          Necesitan Soporte de Pfsense en México?/Need Pfsense Support in Mexico?
          www.bajaopensolutions.com
          https://www.facebook.com/BajaOpenSolutions
          Quieres aprender PfSense, visita mi canal de youtube:
          https://www.youtube.com/c/PedroMorenoBOS

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.