Snort 3: Feature request, per rule/category ability to block, unblock?



  • Snort 3 has been in development for years now and they have recently released a beta version.
    I understand from another Netgate forum post the 2.x.x.x version is too difficult to implement this functionality but am hopeful that with the Snort 3 release the ability to choose blocking per rule category might be possible.

    Just a thought. Thanks



  • This ability is now available for Snort 2.9.x on pfSense. It has just been released to pfSense-2.5-DEVEL this morning. It is called "Inline IPS Mode". The new package version is 4.0. It allows the user to configure specific rules or categories of rules to do one of the following: alert only, alert and drop or alert and reject. When using the new Inline IPS Mode, only DROP or REJECT rules will actually block traffic.

    I'm working on a "How-To" and set up post and will start a thread on that topic shortly.



  • Two great surprises in one day!

    Thanks again for your work.

    Bill

