error when adding custom snort rule
-
Hello to all,
I hope this is the right place to ask my question - if not, plesase tell me where the question has to be posted.
Situation:
I try to add a rule to pfsense / snort in order to monitore smtp communication trials from intern to wan. To do this I tried to add this custom rule to the relevant wan network interface in snort:alert tcp 10.0.0.0/8 ![10.0.0.0/8] any -> 192.168.101.0 [25,465,587] (msg:"Verbindungsversuch zu externem SMTP-Server via Telekom1"; sid:100000; classtype:attempted-recon; priority:2; )
When I click save I get this error message:
The following input errors were detected: Custom rules have errors: Fatal Error, Quitting..>> ^
Question:
what am I doing wrong here?Thanks for any hint.
Markus -
Your rule has a syntax error. I believe this is an invalid address specification:
10.0.0.0/8 ![10.0.0.0/8]
And you should post questions related to the IDS/IPS packages (Snort and Suricata) in the IDS/IPS sub-forum here: https://forum.netgate.com/category/53/ids-ips.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.