Netgate Discussion Forum

    Snort Package Update to v2.9.13 (binary) and v3.2.9.8_6 (GUI) - Release Notes

    • bmeeks

      A Snort package update has been posted to the pfSense 2.5-DEVEL tree. The update includes the latest 2.9.13 Snort binary, fixes two GUI package bugs and enhances some existing Snort GUI features.

      Release notes for the 2.9.13 Snort binary can be found here.

      After a testing period on pfSense-2.5-DEVEL, the update will be ported to the current 2.4.x-RELEASE tree.

      GUI Package Feature Updates

      1. Change the base URL for ET-Open rules to use HTTPS (https://rules.emergingthreats.net/).
      2. Change the base URL for OpenAppID free rules to use HTTPS (https://files.pfsense.org/openappid/).
      3. Change the IP REP tab code so IP Reputation preprocessor configuration edits restart Snort instead of causing it to stop when already running. This is necessary because any IP REP changes require a Snort restart on the interface.

      GUI Package Bug Fixes

      1. IP REPUTATION tab has cosmetic issues when choosing an IP blacklist for the interface.
      2. When updating the package (via a reinstall) without Snort VRT rule download enabled, the unicode.map file is clobbered, rendering Snort unable to start.
      • l0rdraiden

        Does this version of Snort already do blocking in inline mode?

        • bmeeks @l0rdraiden

          @l0rdraiden said in Snort Package Update to v2.9.13 (binary) and v3.2.9.8_6 (GUI) - Release Notes:

          Does this version of Snort already do blocking in inline mode?

          No, Snort cannot do inline mode blocking on pfSense like Suricata can. That is potentially on the horizon, but I don't have a timeline for when.

          • Simbad

            Hi, why don't you update openappid? (https://files.pfsense.org/openappid/).

            https://blog.snort.org/2019/04/update-to-snort-openappid-detectors.html

            • bmeeks @Simbad

              @Simbad said in Snort Package Update to v2.9.13 (binary) and v3.2.9.8_6 (GUI) - Release Notes:

              Hi, why don't you update openappid? (https://files.pfsense.org/openappid/).

              https://blog.snort.org/2019/04/update-to-snort-openappid-detectors.html

              You are confusing the available free OpenAppID rules (written by a third party and hosted by Netgate) with the OpenAppID rule stubs which are produced by the Snort team. That post on the Snort blog was about the rule stubs. These are two separate things, but you need both for OpenAppID to work. The rule stubs (the portion produced by the Snort team) will automatically update at your next rules update after they are posted to the Snort site. The free OpenAppID rules, on the other hand, only update if and when the third-party author (who was affiliated with a university in Brazil) makes a change. I don't think he has made any changes in quite some time.

              The rule stubs are the foundation upon which OpenAppID works, but without the text rules written by that third party, OpenAppID does not work. You are also free to create your own OpenAppID rules using the latest features afforded by the new rule stubs. You can add them as Custom Rules on the RULES tab.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.