Snort stop blocking even alerts is shown !!?



  • Hi again
    Snort was working good but today it stops blocking IPs even it show it on the alert tab . I already checked the "Checking this option will automatically block hosts that generate a snort alert." and it didn't help. I reinstall it and also didn't help. i remove the package and install it again . Same problem . Now what is that ??



  • Any ideas ???
    The interesting thing is it is already show the alert but didnot block it …



  • Hi
    I have the same Issue, but dont know why the IPS isnt working.
    It would be a nice feature to select different rules for each Instance of snort running on different Interfaces.



  • Come on ! . there is should be a solution if you want pfSense to compete others
    beside i will not solve my problems every time alone //


  • Rebel Alliance Developer Netgate

    There must be something in your configuration causing this anomaly, as I just installed Snort on a test system, scanned it remotely, and lost all access.

    From a machine on the LAN side of the test system, I confirmed that it generated an alert and was on the block list, and upon returning to the other system I still could not get access.

    Only after manually removing the block entry was I able to regain remote access to that system.

    It seems to work exactly as expected for me.



  • I have been edit my snort.sh file as shown in the forums a while back open and edit yours to match the example if you need more help past your snort.sh file


Log in to reply