Snort on WAN with Dynamic IP (PPPoE)
Hello to everybody and thanks to makers of pfSense and the Snort package!
I have a problem with using Snort on WAN with Dynamic IP (PPPoE).
It seems that Snort does not update the default Whitelist with the new WAN IP.

WAN Interface (German T-Online DSL):
**IP address 91.12.136.237**
Subnet mask 255.255.255.255
Gateway 217.0.118.33
ISP DNS servers 217.237.151.115
217.237.148.102

Default Whitelist:
$ cat /var/db/whitelist
192.168.100.0/24
192.168.1.0/24
172.19.255.252/30
91.12.161.110
217.0.118.33
217.237.151.115
217.237.148.102
127.0.0.1

Therefore Snort generates alerts and blocks its own WAN IP.
I already added the suppress for (portscan) ICMP Sweep: suppress gen_id 122, sig_id 25
but I think the correct solution needs more than just suppressing the alerts.

Is it possible to run Snort with dynamic IP?
How to set up a cron job to restart Snort?

Thanks for any suggestions.
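
A check for the stale-whitelist condition described in the post above, as an added example that is not part of the original post or of the Snort package. It assumes the whitelist holds one IPv4 address or CIDR block per line, as in the `cat` output; the function names are hypothetical and the sample file is constructed from the values quoted in the post, plus one constructed LAN address.

```shell
#!/bin/sh
# Added example (not from the original post): report whether an address is
# covered by a whitelist file holding one IPv4 address or CIDR per line.

# Dotted quad -> 32-bit integer. The body is a subshell, so the caller's IFS
# and positional parameters are untouched.
ip_to_int() (
    set -f; IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# in_entry ADDRESS ENTRY: true if ADDRESS lies inside ENTRY (bare IP = /32).
in_entry() (
    case $2 in */*) bits=${2#*/} ;; *) bits=32 ;; esac
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    [ $(( ip & mask )) -eq $(( net & mask )) ]
)

# whitelist_covers ADDRESS FILE: true if any entry in FILE covers ADDRESS.
whitelist_covers() {
    while read -r entry rest || [ -n "$entry" ]; do
        case $entry in ''|'#'*) continue ;; esac   # skip blanks and comments
        if in_entry "$1" "$entry"; then return 0; fi
    done < "$2"
    return 1
}

# Constructed sample: the whitelist contents shown in the post.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
192.168.100.0/24
192.168.1.0/24
172.19.255.252/30
91.12.161.110
217.0.118.33
217.237.151.115
217.237.148.102
127.0.0.1
EOF

# Current WAN IP from the post, the WAN IP still in the list, and a LAN host.
for ip in 91.12.136.237 91.12.161.110 192.168.1.57; do
    if whitelist_covers "$ip" "$sample"; then echo "$ip: covered"
    else echo "$ip: NOT covered (whitelist is stale for this address)"; fi
done
```

On the posted data the current WAN address 91.12.136.237 is reported as not covered, while the listed address 91.12.161.110 is, which matches the behaviour described.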