Snort Unable to Download VRT rules Error 422
-
When trying to download the VRT rules for Snort I am greeted with error 422.
Downloading Snort VRT ruels md5 file snortrules-snapshot-2990.tar.gz.md5... Snort VRT rules md5 download failed. Server returned error code 422. Server error message was: Snort VRT rules will not be updated.Snort 3.2.9.5_3
Snort package dependency 2.9.9.0_3
PFsense 2.3.4_1Any suggestions on how to download the VRT rules? PFsense and Snort both say they're up to date on my machine.
-
This appears to be an extraordinarily out-of-date system!
You need to update both pfSense itself and then after that the Snort package. Current versions are 2.7.2 for pfSense and 4.1.6_17 for the Snort package.
You are so far behind that pfSense cannot even read the new upgrade info to realize it is outdated. As for Snort, package versions are locked to the pfSense version they were compiled with. Snort in that pfSense branch is years out of date and will never be updated.
The current underlying Snort binary version is 2.9.20 and the rules for Snort are locked to the binary version. It's possible the 2.9.9.0 rules package has been deprecated by the Snort team.
In your case, the best course of action would be to backup the config, save it offline, then download and install the 2.7.2 CE version of pfSense. After installation, you can try importing the old config backup.
Edit: I logged into the Snort VRT site and the rules archive for 2.9.9.0 has been removed. The oldest file there now is 2.9.11 while the current version is 2.9.20. Because rules versions are locked to the binary version, you can only use Snort VRT rules packages that match your binary version. Thus you will have to update both pfSense and Snort to their latest versions if you wish to continue using the package with updated rules.
