Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    snort - LEGACY MODE ?

    pfSense Packages
    3
    6
    226
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • chudak
      chudak last edited by

      Hello all,

      My snort configuration shows LEGACY MODE for Blocking Mode

      48dd5fb3-df99-4adf-9b4d-677f61fb8f1d-image.png

      Is it right?
      I am pretty sure it was something different (have not touched it for long time). Should I change it? How?

      Thx

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS @chudak last edited by

        That's the default. See https://forum.netgate.com/topic/143812/snort-package-4-0-inline-ips-mode-introduction-and-configuration-instructions

        Steve

        Only install packages for your version, or risk breaking it. If yours is older, select it in System/Update/Update Settings.
        When upgrading, let it finish. Allow 10 minutes, or more depending on packages and device speed.

        1 Reply Last reply Reply Quote 1
        • bmeeks
          bmeeks last edited by bmeeks

          Yes, as @teamits said, that is the original (and still default) blocking mode that uses a custom plugin along with the libpcap library. The new mode, Inline IPS, became available in a recent package update. The new mode, when enabled, uses the netmap kernel device. However, that mode is highly dependent on having a netmap-compatible NIC. Not all hardware can use Inline IPS mode, and some configurations won't work properly with that mode even when you have compatible hardware. Examples are PPPoE interfaces and certain VLAN setups.

          chudak 1 Reply Last reply Reply Quote 0
          • chudak
            chudak @bmeeks last edited by

            @bmeeks thx!

            I also used to have Barnyard2 enabled.
            See no in the interface line now. Is it some recent change ?

            bmeeks 1 Reply Last reply Reply Quote 0
            • bmeeks
              bmeeks @chudak last edited by

              @chudak said in snort - LEGACY MODE ?:

              @bmeeks thx!

              I also used to have Barnyard2 enabled.
              See no in the interface line now. Is it some recent change ?

              Barnyard2 was removed because it is no longer actively maintained in FreeBSD ports and it pulled in ancient mysql57 libraries that had unpatched security vulnerabilities that would never be patched because that version of mysql is deprecated.

              chudak 1 Reply Last reply Reply Quote 1
              • chudak
                chudak @bmeeks last edited by

                @bmeeks

                Thx!

                Happy Holidays!

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post