Snort on WAN with Dynamic IP (PPPoE)

  • Hello to everybody and thanks to makers of pfSense and the Snort package!

    I have a problem with using Snort on WAN with Dynamic IP (PPPoE).
    It seems that Snort does not update the default Whitelist with the new WAN IP.

    WAN Interface (German T-Online DSL) :
    IP address
    Subnet mask
    ISP DNS servers

    Default Whitelist:
    $ cat /var/db/whitelist

    Therefore Snort generates alerts and blocks its own WAN IP.
    I already added the suppress for (portscan) ICMP Sweep: suppress gen_id 122, sig_id 25
    but I think the correct solution needs more than just suppressing the alerts.

    Is it possible to run Snort with dynamic IP?
    How do I set up a cron job to restart Snort?

    Thanks for any suggestions.
