Netgate Discussion Forum

    error when adding custom snort rule

    • markus_muehleisen

      Hello to all,

      I hope this is the right place to ask my question - if not, please tell me where the question has to be posted.

      Situation:
      I try to add a rule to pfsense / snort in order to monitor smtp communication trials from intern to wan. To do this I tried to add this custom rule to the relevant wan network interface in snort:

      alert tcp 10.0.0.0/8 ![10.0.0.0/8] any -> 192.168.101.0 [25,465,587] (msg:"Verbindungsversuch zu externem SMTP-Server via Telekom1"; sid:100000; classtype:attempted-recon; priority:2; )
      

      When I click save I get this error message:

      The following input errors were detected:
      
      Custom rules have errors: Fatal Error, Quitting..>> ^
      

      Question:
      what am I doing wrong here?

      Thanks for any hint.
      Markus

      • bmeeks

        Your rule has a syntax error. I believe this is an invalid address specification:

        10.0.0.0/8 ![10.0.0.0/8]
        

        And you should post questions related to the IDS/IPS packages (Snort and Suricata) in the IDS/IPS sub-forum here: https://forum.netgate.com/category/53/ids-ips.

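Added example, not part of the thread and not pfSense or Snort code: a small header linter showing why the posted rule fails to parse. It assumes the standard Snort rule header of seven whitespace-separated fields (action, protocol, source address, source port, direction, destination address, destination port) before the option parentheses; the `CONSTRUCTED` rule is only a header that passes the check, not a statement of what the poster intended, and the option bodies are abbreviated.

```python
import re

FIELDS = ("action", "protocol", "src_addr", "src_port",
          "direction", "dst_addr", "dst_port")
DIRECTIONS = {"->", "<>"}
# Simplified port grammar: any, $VAR, single port, range, or bracketed list.
PORT_RE = re.compile(r"^!?(any|\$\w+|\d+|\d+:\d*|:\d+|\[[\d:,!]+\])$")


def split_header(rule):
    """Return the header tokens before the '(' options, keeping [lists] whole."""
    header = rule.split("(", 1)[0]
    tokens, depth, cur = [], 0, ""
    for ch in header:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        if ch.isspace() and depth == 0:
            if cur:
                tokens.append(cur)
            cur = ""
        else:
            cur += ch
    if cur:
        tokens.append(cur)
    return tokens


def lint_header(rule):
    """Return a list of problems found in the rule header (empty if none)."""
    tokens = split_header(rule)
    problems = []
    if len(tokens) != len(FIELDS):
        problems.append(f"expected {len(FIELDS)} header fields, got {len(tokens)}: {tokens}")
    fields = dict(zip(FIELDS, tokens))  # tokens are assigned to fields by position
    if fields.get("direction") not in DIRECTIONS:
        problems.append(f"direction field is {fields.get('direction')!r}, expected -> or <>")
    for name in ("src_port", "dst_port"):
        value = fields.get(name, "")
        if not PORT_RE.match(value):
            problems.append(f"{name} field is {value!r}, not a valid port specification")
    return problems


# Header copied from the question, and a constructed header with one source address.
POSTED = 'alert tcp 10.0.0.0/8 ![10.0.0.0/8] any -> 192.168.101.0 [25,465,587] (msg:"x"; sid:100000;)'
CONSTRUCTED = 'alert tcp 10.0.0.0/8 any -> 192.168.101.0 [25,465,587] (msg:"x"; sid:100000;)'

if __name__ == "__main__":
    for rule in (POSTED, CONSTRUCTED):
        print(lint_header(rule) or "header OK")
```

On the posted rule the second address token lands in the source-port position, which shifts `any` into the direction field and the destination address into the destination-port field.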