Snort Status



  • Greetings,
    Just curious on the status of the Snort package's development. We've been looking to leverage pfSense in an educational environment to start off with educating on NAT and firewalls, then progressing to IDS/IPS. pfSense has great potential for us, but our one gotcha is that we want our students to write custom rules, THEN once they've got the basics down, we'll allow them to download the rulesets from emerging threats/snort.
    I've been looking to see if we can easily have students write rules using the shell, but that looks a bit too cumbersome for a classroom, but that question in itself seems to have been beat to death on the forums.
    So- just wondering how the development of the Snort package's UI is coming; once complete it'll be an awesome and very well rounded snort interface!



  • The current stable release of the snort package is broken, because it will not download the latest update. As far as I know there's a major rewrite for snort… but I've not heard from the author of the packages for quite some time, which makes us wonder if he's really working on it or not?



  • I've been really busy with work and personal relationships, so sorry for the delay.
    I can only really code the snort rewrite like 2 hours a day, as this is a free project of mine.
    You guys have to realize there is a lot of work that has to be done (move from xml to sqlite, replace my IPS code with SnortSam and recode SnortSam to work with snort 2.9 etc…).

    I have to make time for the snort package because snort 2.8.6 is at EOL.

    Work on the pfSense snort package is moving steadily, be patient.

    James



  • Thanks for all your FREE work James. I have been around pfsense for a while now and recognize that you are indeed a true talent to accomplish the work you contribute in the time you have available.

    That being said. After reading a thread from cdx4053 (or something) complaining that snort is broken again I have become annoyed. This is not the first attempt to try to explain to him how snort and the snort package are separate entities. The fact that the snort package can only be reactive to what the developers of snort do and not proactive. So when a major snort update occurs the pfsense package can break from time to time.

    Instead of complaining about it. DO something about it. If you can't then please refrain from opening your mouth. No one else wants to hear crying.



  • Apologies as my reply is a bit late as well, but I must say I fully understand and appreciate all of the effort that's been put into the Snort package for pfSense. As soon as the package is ready, I guarantee you there will be a minimum of 120 fresh/new/green IT/sysadmins per year from our university that have been taught the Snort platform as implemented by you. Even before the new package is spiffed up, we're still going to be using the currently available package to teach students. pfSense and the Snort package are as close as we've been able to come to give our Network Security students hands on access to a 'real world' firewall/IPS. You're more than welcome to wear that badge proudly; it's an impressive effort.
    As far as we're concerned, the feature we're looking for (custom rules) is just so we can start with some basic 'hello world' snort rules, but we aren't tied to pfSense for that.

    Once again, thanks for your great effort JamesDean, we certainly appreciate it.



  • Not sure where to post this, so I use this thread ;)

    Downloading http://www.pfsense.com/packages/config/snort/bin/8.1x64/mysql-client-5.1.53.tbz …  could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/amd64/packages-8.1-release/All/mysql-client-5.1.53.tbz.
    of mysql-client-5.1.53 failed!

    Seems like this mysql-client isn't available there :)

    edit: nvm, found a solution but keep it for the devel.



  • Thanks for all the kind words, I really do appreciate it. Reading just a few words of encouragement really makes me appreciate the pfSense snort community.

    The reason this update has been taking so long is that I've been hitting wall after wall.
    1: I've been really swamped at work,
    2: snortsam for snort 2.9.0.3 needed to be updated, which I did and submitted the patch upstream.
    3: Snort 2.9 is not even in the FreeBSD port tree, so I've been working with people to update the port.

    Good news is that all the ports are all done as of tonight and I'm testing them.

    pfSense Snort for 2.0 will be done when it's done. Please be patient.

    james



  • Thanks Jamesdean for all your work on the snort package. Looking forward to the 2.0 release.



  • Take your time, James… no worries. Your work is VERY appreciated. ;)

