Snort Package v4.0_1 -- Release Notes

  • Snort v4.0_1
    An update for the Snort package on pfSense-2.5-DEVEL has been posted. This update includes a bug fix for the error "... PID filename suffix too long ..." that users attempting to run Snort on VLAN or PPPoE interfaces are receiving.

    Do not simply execute a package reinstall for this update! Instead, remove the Snort package from your firewall and then install it again. Your settings will be preserved if you have the "Save Settings" checkbox enabled on the GLOBAL SETTINGS tab. That setting is enabled by default.

    This update changes a core PHP include file within the Snort package. In order for this file to get updated and the updated code used by the package, the PHP file cache for the current session has to be dumped. That can only happen when you first remove a package and then go back and install it again.

    Change Log:

    1. Edit references to the OpenAppID text rules on the GLOBAL SETTINGS tab to use a more appropriate description.

    2. On the INTERFACES tab, indicate the type of blocking mode (Inline IPS or Legacy Mode) currently configured for the interface.

    3. Deprecate the use of the interface UUID parameter for determining the current status of Snort or Barnyard2 on an interface (stopped or running).

    Bug Fixes:

    1. Remove use of UUID parameter as part of the Snort PID filename in /var/run to prevent Snort startup failure due to the PID filename suffix exceeding 11 characters when running Snort on VLAN or PPPoE interfaces.

    2. Fix cosmetic icon display bug on INTERFACES tab that prevented update of Snort and Barnyard2 status for real interface names containing a period such as VLAN interfaces.

Log in to reply