1. Home
  2. pfSense Packages
  3. IDS/IPS
  4. Ability to runs snort as IPS

Ability to runs snort as IPS

  • G

    Hi

    I've just configured Netgate with snort and written some custom signatures. I've noticed that I had to enable an alert, rather than a drop and assume that this then triggers a firewall rule to drop the traffic, so the 1st packet flow that triggers the rule is permitted, then subsequent packets are blocked.

    My Q is, is there any way to run snort as a pure IPS (so packets flow through and are blocked, rather than allowing the triggering packet through and then blocking the IP address).

    If there is no way with Snort, would Suricata be a valid method to do this ?

    Many thanks

    0 bmeeks 1 Reply
  • bmeeks

    @gbqs
    Snort cannot run as a true inline IPS at this time on pfSense. Suricata can providing you have NIC hardware whose drivers fully support Netmap on FreeBSD. Not all do, so beware.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy