Netgate Discussion Forum

    How to unblock IP on pfSense+Snort using API or command line?

    • itmnetworks

      Hello,

      I need to create a way to enter a blocked IP into a form on my NOC system so that this IP gets unblocked on Snort, which is running on pfSense.

      I have not found documentation about a pfSense + Snort API or command line.

      Do you know how I can do this?

      Many thanks,
      Rodrigo

      • bmeeks

        Yes, you can do this via a simple script using the pfctl utility. It will be up to you to figure out how to make it work in your NOC setup.

        This is the command line to execute:

        /sbin/pfctl -t snort2c -T delete {$ip}
        

        where you replace {$ip} with the actual IP address you want removed. So assuming I wanted to "unblock" 10.10.1.1, I would execute:

        /sbin/pfctl -t snort2c -T delete 10.10.1.1
        

        Snort blocks by putting IP addresses into a predefined pf table called snort2c. You can list all of the IP addresses currently stored in that table, and thus get a list of currently "blocked" IPs, using this command:

        /sbin/pfctl -t snort2c -T show
        
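An added example, not part of the posts above and not pfSense or Snort code: a wrapper that a NOC form handler could call, which accepts only a strict dotted-quad IPv4 address before running the delete command from the answer, so that form input never reaches pfctl as extra arguments. The function names and the overridable PFCTL variable are assumptions; this version rejects IPv6 and CIDR input.

```shell
#!/bin/sh
# Added example: validate a form-supplied address, then remove it from snort2c.
# PFCTL can be overridden for dry runs (assumption); the default path is from the post.
PFCTL="${PFCTL:-/sbin/pfctl}"
TABLE="snort2c"

# Return 0 only for four dot-separated octets, each 0-255, no leading zeros.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] || return 1
        case "$octet" in 0?*) return 1 ;; esac   # avoid octal ambiguity
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Remove one validated address from the table. Returns 2 on rejected input,
# otherwise the exit status of pfctl.
unblock_ip() {
    if ! is_ipv4 "$1"; then
        echo "rejected: not a dotted-quad IPv4 address" >&2
        return 2
    fi
    "$PFCTL" -t "$TABLE" -T delete "$1"
}

# When run as a script: unblock the address given as the first argument.
if [ "$#" -gt 0 ]; then
    unblock_ip "$1"
fi
```

The address is always passed to pfctl as a single quoted argument, and the caller can log the return code to keep an audit trail of who unblocked what.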
        • itmnetworks @bmeeks

          @bmeeks Perfect, thank you very, very much.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.