Snort on WAN with Dynamic IP (PPPoE)
plumbum last edited by
Hello to everybody and thanks to makers of pfSense and the Snort package!
I have a problem with using Snort on WAN with Dynamic IP (PPPoE)
It seams that Snort does not update the default Whitelist with the new Wan IP.
WAN Interface (German T-Online DSL) :
**IP address 184.108.40.206 **
Subnet mask 255.255.255.255
ISP DNS servers 220.127.116.11
$ cat /var/db/whitelist
Therefore snort generates alerst and Blocks his own WAN IP.
I alredy add the Suppress for (portscan) ICMP Sweep suppress gen_id 122, sig_id 25
but i thing the correct solution needs more than just suppress the alerts.
Is it possible to run Snort with dynamic IP?
How to setup a Cronjob to Restart Snort ?
Thanks for anny suggestions.