Snort 3 on Pfsense using snortrules-snapshot-29120
Does anyone know why does snort 3 of PFsense downloads the 29120 snapshot instead of the snort 3000 snapshot of subscribers rules? does it even make a difference?
bmeeks last edited by bmeeks
There is no Snort3 for pfSense. That package has not been created. I started working on it about a year ago, but have since put it back on the shelf as the differences between Snort 2.9.x and Snort3 are pretty huge.
There is a Snort3 binary package out there that is just the duplicate of what's in FreeBSD ports, but it is not optimized for use on pfSense and should NOT be installed on pfSense. And Snort3 would most definitely need the Snort3 rule set. That rule set is NOT compatible with the Snort 2.9.x family, and if you install Snort3 rules on pfSense you wil badly break both Snort and Suricata on pfSense. You also cannot use the Snort3 rules with Suricata as you will also badly break the Suricata install.
In summary, DO NOT install Snort3 on pfSense. If you choose to ignore that advice, then you are 100% on your own in terms of support with any problems that result.
Many thanks.. got it