Snort and Mac OS X users



  • I enabled Snort on embedded pfSense 1.2.3 and found the Mac users (including myself) were invariably being blocked. Tried to suppress the alerts associated with the legitimate Mac traffic, but this never worked.



  • I've been running my Mac behind pfSense (with Snort, Squid, Squidguard, Denyhosts, Fit123, and HAVP) for months. I suspect it has nothing to do with your Mac, other than perhaps a setting being off. How is Snort configured?



  • I just had the standard config, didn't change anything. I had a few rules enabled and then turned them all off to see if that would help.



  • @sollostech:

    I just had the standard config, didn't change anything. I had a few rules enabled and then turned them all off to see if that would help.

    Again…I doubt it has anything to do with the operating system. You might want to check firewall settings on the local (LAN) machines to make sure you don't have a conflict.



  • Don't have any firewall on the machines themselves. I assumed it was a Mac issue only because, reading in the forums on my issue, I found other posts that had identified the issue with Mac visitors. I will try it again, but set Snort to not block the visitor and just give me the alert error so I can work on figuring this out. Not sure why the exceptions I tried to put in didn't do anything, I guess I did something incorrectly.



  • Use the threshold.conf to suppress the alerts you get.
    Search the forums on how to do that.

    James
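
The workflow the thread ends on (run Snort alert-only, then suppress the known-good alerts in threshold.conf), sketched as an added example that is not part of any post above: a script that reads Snort "fast" format alert lines and emits `suppress` entries scoped to trusted LAN hosts. The alert lines, SIDs, addresses and the function name `suppress_entries` are constructed for illustration, and the fast alert format is an assumption about how the alerts are logged.

```python
import re
from collections import Counter

# Snort "fast" alert line: time [**] [gid:sid:rev] msg [**] ... {PROTO} src -> dst
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{\w+\}\s+(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)?\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::\d+)?"
)

# Constructed sample alerts (not from the thread); SIDs 9000001-9000003 are made up.
SAMPLE_ALERTS = """\
01/15-09:12:01.100000  [**] [1:9000001:1] CONSTRUCTED rule A [**] [Classification: Misc activity] [Priority: 3] {UDP} 192.168.1.20:5353 -> 224.0.0.251:5353
01/15-09:12:31.100000  [**] [1:9000001:1] CONSTRUCTED rule A [**] [Classification: Misc activity] [Priority: 3] {UDP} 192.168.1.20:5353 -> 224.0.0.251:5353
01/15-09:13:02.200000  [**] [1:9000002:2] CONSTRUCTED rule B [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.1.20:50000 -> 203.0.113.7:80
01/15-09:14:10.300000  [**] [1:9000003:1] CONSTRUCTED rule C [**] [Classification: Misc activity] [Priority: 2] {TCP} 198.51.100.9:4444 -> 192.168.1.20:22
01/15-09:15:00.400000  [**] [1:9000001:1] CONSTRUCTED rule A [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.30 -> 192.168.1.1
"""

def suppress_entries(alert_text, trusted_hosts):
    """Return threshold.conf suppress lines for alerts sourced by trusted hosts."""
    seen, labels = Counter(), {}
    for line in alert_text.splitlines():
        m = ALERT_RE.search(line)
        if not m or m["src"] not in trusted_hosts:
            continue  # unparsable line, or a source we do not vouch for
        key = (int(m["gid"]), int(m["sid"]), m["src"])
        seen[key] += 1
        labels[key] = m["msg"]
    out = []
    for (gid, sid, src), count in sorted(seen.items()):
        out.append(f"# {labels[(gid, sid, src)]} (seen {count}x)")
        out.append(f"suppress gen_id {gid}, sig_id {sid}, track by_src, ip {src}")
    return out

if __name__ == "__main__":
    print("\n".join(suppress_entries(SAMPLE_ALERTS, {"192.168.1.20"})))
```

Each entry is tied to one source address with `track by_src`, so the same signature still alerts for every other host; review the generated comments before pasting anything into threshold.conf.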

