Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Quick question on snort's default rules directory

    pfSense Packages
    3
    4
    5.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pfnoober
      last edited by

      pfsense 1.2.3 release
      snort 2.8.6, pkg 1.27

      When I go into the rule updates tab it displays a warning that /usr/local/etc/snort/rules directory is empty.  I did verify this by going into the shell and indeed there's nothing there.

      The thing is I already have a subdirectory created for my interface and the rules are stored there at:  /usr/local/etc/snort/snort_29189_fxp0/rules

      I've edited the /usr/local/etc/snort/snort.conf file, down around line 60, to:  var RULE PATH ../snort_29189_fxp0/rules but I can't see any difference.  If I press the update rules button it doesn't download anything and I'd prefer to get rid of that warning.  Should I just move all the rules to the default ../rules directory instead of my interface subdirectory?

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Keep an eye on this thread for updates:

        http://forum.pfsense.org/index.php/topic,26382.45.html

        I'll try to fix this since it seems the usual maintainer hasn't been around in a while.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • P
          pfnoober
          last edited by

          Thanks, I actually have been keeping an eye on the main thread you linked to.

          I realize my question may seem pretty stupid to others here, but I guess the main thing I was trying to ask was there any benefit to storing my rules in the interface's subdirectory rather than the general rules directory?

          1 Reply Last reply Reply Quote 0
          • D
            DigitalJer
            last edited by

            jimp has a proposed fix at the thread he links to above…

            –------------------------------------------------
            2.4.3-RELEASE (amd64)
            built on Mon Mar 26 18:02:04 CDT 2018
            FreeBSD 11.1-RELEASE-p7
            VM in ESXi 5.5
            1 x 1000baseTX (WAN)
            1 x 1000baseTX (LAN)

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.