Netgate Discussion Forum

    Snort Alert for IP on blocklist

      efny

      Quick question - will a Snort Alert be generated for a brute-force attempt from an IP that is already included on the pfBlockerNG block list?

      That seems to be happening for me, and I thought that pfBlocker processing happened before Snort.

      Thanks in advance.

        SteveITS Galactic Empire @efny

        @efriedman If you have Snort/Suricata on WAN, it sees the packets before the firewall, so will scan all packets that will be dropped anyway. On LAN Snort is after the firewall, as the packet travels to LAN. IOW, it is always "outside" the firewall. So, one should generally run it on LAN.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

          NollipfSense @efny

          @efriedman Snort would see things before pfBlockerNG, I believe...

          pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
          pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

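The replies above say Snort on WAN inspects packets before the firewall, so it alerts on sources that a block list will drop anyway. As an added example (not part of the original thread), this script separates such alerts from the ones that still need review. It assumes Snort's `alert_fast` text layout with IPv4 sources and a one-entry-per-line IP/CIDR list; the sample data and the names `load_networks` and `triage` are constructed for illustration.

```python
import ipaddress
import re

# Constructed deny list (documentation address ranges), one IP or CIDR per line.
BLOCKLIST = """\
# constructed sample, not a real feed
203.0.113.0/24
198.51.100.77
"""

# Constructed alert lines in Snort's alert_fast layout.
ALERTS = """\
01/15-12:34:56.789012  [**] [1:1000001:1] Constructed SSH brute force rule [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.45:51234 -> 192.0.2.10:22
01/15-12:35:02.101112  [**] [1:1000001:1] Constructed SSH brute force rule [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 198.51.100.77:40222 -> 192.0.2.10:22
01/15-12:36:40.555000  [**] [1:1000002:1] Constructed web scan rule [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.9:44110 -> 192.0.2.10:443
"""

# Captures the rule message and the IPv4 source address of an alert_fast line.
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:\d+:\d+\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{[\w-]+\}\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->"
)

def load_networks(text):
    """Parse a deny list into network objects, skipping comments and blanks."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def triage(alert_text, networks):
    """Return (already_blocked, needs_review), each a list of (src, msg)."""
    blocked, review = [], []
    for line in alert_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # not an alert_fast line with an IPv4 source
        src = ipaddress.ip_address(m["src"])
        bucket = blocked if any(src in n for n in networks) else review
        bucket.append((str(src), m["msg"]))
    return blocked, review

if __name__ == "__main__":
    blocked, review = triage(ALERTS, load_networks(BLOCKLIST))
    print("source already on block list:", blocked)
    print("needs review:", review)
```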
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.