• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Snort Inline drop/reject and pass/alert in rules

Scheduled Pinned Locked Moved IDS/IPS
1 Posts 1 Posters 207 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J
    johnnybee
    last edited by johnnybee May 22, 2023, 9:33 AM May 22, 2023, 9:32 AM

    Hi,
    I have:
    pfsense: 2.6.0
    snort: 4.1.6 (IPS mode: Inline)

    I'm trying to apply two rules, e.g. (this is just a simple example):

    pass icmp 192.168.0.10 any -> any any (msg:"CUSTOM ping"; sid:9990007;)
    drop icmp any any -> any any (msg:"CUSTOM ping"; sid:9990008;)

    I always have all ip blocked (also 192.168.0.10).

    I want to block all traffic except selected IP addresses.

    What rules should I save for this to work properly?

    Any help is welcome.
    Regards

    1 Reply Last reply Reply Quote 0
    1 out of 1
    • First post
      1/1
      Last post
    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
      This community forum collects and processes your personal information.
      consent.not_received