Netgate Discussion Forum

    snort - LEGACY MODE ?

    • chudak

      Hello all,

      My snort configuration shows LEGACY MODE for Blocking Mode

      Is it right?
      I am pretty sure it was something different (have not touched it for a long time). Should I change it? How?

      Thx

      • SteveITS @chudak

        That's the default. See https://forum.netgate.com/topic/143812/snort-package-4-0-inline-ips-mode-introduction-and-configuration-instructions

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        • bmeeks

          Yes, as @teamits said, that is the original (and still default) blocking mode that uses a custom plugin along with the libpcap library. The new mode, Inline IPS, became available in a recent package update. The new mode, when enabled, uses the netmap kernel device. However, that mode is highly dependent on having a netmap-compatible NIC. Not all hardware can use Inline IPS mode, and some configurations won't work properly with that mode even when you have compatible hardware. Examples are PPPoE interfaces and certain VLAN setups.

          • chudak @bmeeks

            @bmeeks thx!

            I also used to have Barnyard2 enabled.
            See no in the interface line now. Is it some recent change?

            • bmeeks @chudak

              @chudak said in snort - LEGACY MODE ?:

              @bmeeks thx!

              I also used to have Barnyard2 enabled.
              See no in the interface line now. Is it some recent change?

              Barnyard2 was removed because it is no longer actively maintained in FreeBSD ports and it pulled in ancient mysql57 libraries that had unpatched security vulnerabilities that would never be patched because that version of mysql is deprecated.

              • chudak @bmeeks

                @bmeeks

                Thx!

                Happy Holidays!

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.