Snort on WAN with Dynamic IP (PPPoE)



  • Hello to everybody and thanks to makers of pfSense and the Snort package!

    I have a problem with using Snort on WAN with Dynamic IP (PPPoE)
    It seams that Snort does not update the default Whitelist with the new Wan IP.

    WAN Interface (German T-Online DSL) :
    **IP address  91.12.136.237 **
    Subnet mask 255.255.255.255
    Gateway 217.0.118.33
    ISP DNS servers 217.237.151.115
    217.237.148.102

    Default Whitelist:
    $ cat /var/db/whitelist
    192.168.100.0/24
    192.168.1.0/24
    172.19.255.252/30
    91.12.161.110
    217.0.118.33
    217.237.151.115
    217.237.148.102
    127.0.0.1

    Therefore snort generates alerst and Blocks his own WAN IP.
    I alredy add the Suppress for (portscan) ICMP Sweep suppress gen_id 122, sig_id 25
    but i thing the correct solution needs more than just suppress the alerts.

    Is it possible to run Snort with dynamic IP?
    How to setup a Cronjob to Restart Snort ?

    Thanks for anny suggestions.


Log in to reply