Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort acting very weird!

    Scheduled Pinned Locked Moved pfSense Packages
    1 Posts 1 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • _
      _igor_
      last edited by

      snort is acting extremly weird:

      I have enabled at the "whitelists"-section
      Add WAN IPs to the list.
      Add WAN Gateways to the list.
      Add WAN DNS servers to the list.
      Add Virtual IP Addresses to the list.
      Add VPN Addresses to the list.

      So i encountered that i have to manually put every WAN-IP from my ISP to the Whitelist, if not, snort disables all traffic everytime. (Needs some time, but WILL do that!) So i think, it doesn't work as expected.

      Second thing is that some websites are blocked without any alert nor appearing under "blocked", which is weird too.
      One site which is blocked without any alert is http://www.maha-online.de/. I have to disable snort completely to get access to that site.

      Changes in whitelists seem to have no effect if snort isn't completely disabled and enabled again. If not, the whitelist isn't actualized.
      When i disable snort and enable it again, the whole blocked-section is empty, even with "remove blocked hosts" set to "never".

      I'm using snort with amd64 full install, snort is 2.8.6.1 pkg v. 1.35.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.