Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort blocks src + dst ips. With whitelist nothing blocked, though alerts logged

    Scheduled Pinned Locked Moved pfSense Packages
    3 Posts 1 Posters 2.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mxx
      last edited by

      Hi,

      I got some problems with Snort on 2.0-rc1 snapshot 20.3.11 (i386).

      At the beginning I used snort for my second "wan" interface (not named "wan") and tested it by adding p2p block rules for skype (I know it's quite difficult or nearly impossible to block Skype, but just for a test).

      Snort was configured just for my second WAN, not lan or any other if.

      As soon as a skype client started, snort blocked both the dest. ip of the server skype tried to connect to AND my public ip.
      Then I added my public ip manually to the whitelist and tried again.
      But then, Snort didn't block ANYTHING.

      Afterwards I removed my custom whitelist, disabled Snort on my second WAN and enabled it on my first WAN ('wan') and tried again.

      This time Snort successfully added my public ip to its default whitelist and so didn't block my wan ip.
      BUT it also didn't block any destination ip, although it logged alerts..

      Does anyone have any idea of what I might be doing wrong?

      Thank you very much for some help!

      1 Reply Last reply Reply Quote 0
      • M
        mxx
        last edited by

        Noone have any idea?

        I think it's strange that either snort blocks my public ip PLUS the destination ip (the one I actually want it to block) or it blocks nothing (if my public ip is in the whitelist), ALTHOUGH it logs the corresponding alerts..

        1 Reply Last reply Reply Quote 0
        • M
          mxx
          last edited by

          sorry for the bump, but I still have no solution to this problem.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.