Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Snort 1.0.1 bug?

    pfSense Packages
    3
    9
    3108
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Y
      yoda715 last edited by

      After upgrading to 1.0.1, I noticed that IP's that are in my whitelist are now showing up in the blocked tab when they produce an alert. Is that the way it was intended to work?

      1 Reply Last reply Reply Quote 0
      • S
        sullrich last edited by

        No, but there was no code changes from 1.0 to 1.0.1 in this regard.

        Do the ip's that you have defined show up in /var/db/whitelists ?

        1 Reply Last reply Reply Quote 0
        • Y
          yoda715 last edited by

          I get a file not found when I try to load that file through edit file.

          1 Reply Last reply Reply Quote 0
          • S
            sullrich last edited by

            @yoda715:

            I get a file not found when I try to load that file through edit file.

            Sorry, it's /var/db/whitelist

            1 Reply Last reply Reply Quote 0
            • Y
              yoda715 last edited by

              Yep, they are there. Oddly enough, so are the ones I removed awhile back. The ones I removed previously before upgrade are just at the beginning of the list.

              1 Reply Last reply Reply Quote 0
              • Y
                yoda715 last edited by

                I believe snort is causing the rrd graph issue I also reported. I added the gateway for the WAN interface to the whitelist, since snort was blocking the ping. It has not resolved the rrd graph issue and snort is still blocking it. I even tried removing the IP from the blocked tab and it was inserted back into the blocked list a minute afterwards.

                1 Reply Last reply Reply Quote 0
                • Y
                  yoda715 last edited by

                  Something else I noticed in the log. I assume its new since I haven't seen it before.

                  Oct 30 02:12:45 SnortStartup[1290]: Ram free BEFORE starting Snort: 16M – Ram free AFTER starting Snort: 286M -- Mode lowmem -- Snort memory usage: 133M

                  That line though is incorrect. Ram usage before I started snort was only at 11% (out of 512mb). Also, I am not running in lowmem mode, I am running in sparsebands.

                  1 Reply Last reply Reply Quote 0
                  • H
                    hoba last edited by

                    Scott was already working on this yesterday:

                    http://cvstrac.pfsense.com/chngview?cn=15171
                    http://cvstrac.pfsense.com/chngview?cn=15172

                    Not sure if that already fixed it, haven't tested it yet. Reinstall the package and let us know  ;)

                    1 Reply Last reply Reply Quote 0
                    • Y
                      yoda715 last edited by

                      Looks like it fixed it.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post