Pf firewall and snort not killing states



  • hi everyone,

    I have a weird problem running Snort 2.8.5.3 (pkg v. 1.19) on pfSense 1.2.3. When Snort blocks an IP, the corresponding state is not removed from the state table. Neither pf nor Snort kills the existing states of a blocked IP, which means that the existing connections from an offending IP are not blocked; only new connections are.

    Why does pf not kill the states? Any ideas?

    By the way, Snort is supposed to be the inline version. Why is the drop rule action not working? I manually edited the Snort rules, but anything other than alert (rule action) is simply ignored. Is this the default behaviour or a bug?

    Thanks.
