Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfsense Snort not blockig

    Scheduled Pinned Locked Moved IDS/IPS
    6 Posts 4 Posters 694 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      scorpoin
      last edited by

      Greetings to Community members,

      I just installed snort package and did some basic configuration,

      LAN Catogeries:

      Enabling : Resolve Flowbits
      Enabling : Use IPS Policy
      IPS Policy Selection : Security

      Select the rulesets (Categories) Snort will load at startup

      Only selected : openappid-vpn_tunneling.rules and openappid-proxy.rules

      In "Available Rule Categories" I've disable all other except above two categories.

      LAN Settings:

      Enabling : block offender
      Enabling : Kill state
      Enabling : which ip to block : Both

      Search Mehtod : AC-BNFA

      thats all started the service . yet nothing is blocked :/ . I wanted to block layers7 apps some vpn tunnels including open vpn for my client so that wont be able to bypass my pfblocker.

      Regards

      1 Reply Last reply Reply Quote 0
      • S
        scorpoin
        last edited by

        Yet no response regarding this abnormal behavior of snort?

        1 Reply Last reply Reply Quote 0
        • NogBadTheBadN
          NogBadTheBad
          last edited by NogBadTheBad

          This post is deleted!
          1 Reply Last reply Reply Quote 0
          • NollipfSenseN
            NollipfSense
            last edited by

            You said you just installed Snort...how do you know it's not blocking? Did you visited a site that's supposed to be blocked, yet you went to the site?

            pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
            pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

            S 1 Reply Last reply Reply Quote 0
            • S
              scorpoin @NollipfSense
              last edited by

              @NollipfSense said in Pfsense Snort not blockig:

              You said you just installed Snort...how do you know it's not blocking? Did you visited a site that's supposed to be blocked, yet you went to the site?

              Its not blocking when I try to connect my openvpn client it does connect me to my vpn server which suppose to be blocked as per rule?

              Regards

              bmeeksB 1 Reply Last reply Reply Quote 0
              • bmeeksB
                bmeeks @scorpoin
                last edited by

                @scorpoin said in Pfsense Snort not blockig:

                @NollipfSense said in Pfsense Snort not blockig:

                You said you just installed Snort...how do you know it's not blocking? Did you visited a site that's supposed to be blocked, yet you went to the site?

                Its not blocking when I try to connect my openvpn client it does connect me to my vpn server which suppose to be blocked as per rule?

                Regards

                The default Pass List will whitelist locally attached networks including your VPN. If you don't want that default action, then you will need to create your own custom pass list.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.