Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    (Solved)Snort ACL exist?

    IDS/IPS
    2
    3
    226
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • periko
      periko last edited by periko

      Been working with snort this couple of weeks, which is a excellent piece of software and pfsense have done a great work in the integration.

      My question is related to ACL maybe snort doesn't know anything related to this stuff like squid does.

      Is possible to apply some rules to some LAN IP's for example, like a ACL?

      LAN IP-x u will be blocked by the rules social-media/media-streaming.
      LAN IP-y u will be blocked by rules media-streaming/webservices.

      Is possible this or snort doesn't work this way?

      Just curious, running latest pfsense 2.4.4_p2, thanks.

      Necesitan Soporte de Pfsense en México?/Need Pfsense Support in Mexico?
      www.bajaopensolutions.com
      https://www.facebook.com/BajaOpenSolutions
      Quieres aprender PfSense, visita mi canal de youtube:
      https://www.youtube.com/c/PedroMorenoBOS

      1 Reply Last reply Reply Quote 0
      • bmeeks
        bmeeks last edited by bmeeks

        Snort can use the OpenAppID Layer 7 detection preprocessor to do what you want. You will have to write your own custom rules, though. Some info to get you started can be found here: https://docs.netgate.com/pfsense/en/latest/ids-ips/setup-snort-package.html#application-id-detection-with-openapp-id. To get a feel for writing your own rules (or copying and then customizing one of the existing rules), enable OpenAppID as shown in this doc. Then go to the RULES tab and open some of the OpenAppID rule category files from the drop-down selector. They will all have the prefix "openappid".

        And here is a YouTube video produced by a third-party showing the use of OpenAppID: https://www.youtube.com/watch?v=-GgqYq5-EBg.

        periko 1 Reply Last reply Reply Quote 0
        • periko
          periko @bmeeks last edited by

          @bmeeks reading learning, thanks again!!!

          Necesitan Soporte de Pfsense en México?/Need Pfsense Support in Mexico?
          www.bajaopensolutions.com
          https://www.facebook.com/BajaOpenSolutions
          Quieres aprender PfSense, visita mi canal de youtube:
          https://www.youtube.com/c/PedroMorenoBOS

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy