Pfsense Snort not blockig



  • Greetings to Community members,

    I just installed snort package and did some basic configuration,

    LAN Catogeries:

    Enabling : Resolve Flowbits
    Enabling : Use IPS Policy
    IPS Policy Selection : Security

    Select the rulesets (Categories) Snort will load at startup

    Only selected : openappid-vpn_tunneling.rules and openappid-proxy.rules

    In "Available Rule Categories" I've disable all other except above two categories.

    LAN Settings:

    Enabling : block offender
    Enabling : Kill state
    Enabling : which ip to block : Both

    Search Mehtod : AC-BNFA

    thats all started the service . yet nothing is blocked :/ . I wanted to block layers7 apps some vpn tunnels including open vpn for my client so that wont be able to bypass my pfblocker.

    Regards



  • Yet no response regarding this abnormal behavior of snort?



  • This post is deleted!


  • You said you just installed Snort...how do you know it's not blocking? Did you visited a site that's supposed to be blocked, yet you went to the site?



  • @NollipfSense said in Pfsense Snort not blockig:

    You said you just installed Snort...how do you know it's not blocking? Did you visited a site that's supposed to be blocked, yet you went to the site?

    Its not blocking when I try to connect my openvpn client it does connect me to my vpn server which suppose to be blocked as per rule?

    Regards



  • @scorpoin said in Pfsense Snort not blockig:

    @NollipfSense said in Pfsense Snort not blockig:

    You said you just installed Snort...how do you know it's not blocking? Did you visited a site that's supposed to be blocked, yet you went to the site?

    Its not blocking when I try to connect my openvpn client it does connect me to my vpn server which suppose to be blocked as per rule?

    Regards

    The default Pass List will whitelist locally attached networks including your VPN. If you don't want that default action, then you will need to create your own custom pass list.


Log in to reply