Snort Feature Request: Advanced Options text field.

Numbski

I have a problem.  I have all sorts of snort decoder alerts that are causing otherwise harmless hosts to get blocked.  Even website traffic gets blocked.

I did manage to get these problems to go away by adding this to my snort.conf file:

config disable_ttcp_alerts
config disable_tcpopt_alerts
config disable_ipopt_alerts
config disable_decode_alerts

Just because this worked well for me, doesn't mean it works well for everyone else, plus the changes are lost after a reboot (presumably because snort.conf gets re-written at bootup).  So I wonder if adding an advanced options text field would be appropriate, that way the changes get written to config.xml and rendered in at bootup?

Thanks!

sullrich

@Numbski:

I have a problem.  I have all sorts of snort decoder alerts that are causing otherwise harmless hosts to get blocked.  Even website traffic gets blocked.

I did manage to get these problems to go away by adding this to my snort.conf file:

config disable_ttcp_alerts
config disable_tcpopt_alerts
config disable_ipopt_alerts
config disable_decode_alerts

Just because this worked well for me, doesn't mean it works well for everyone else, plus the changes are lost after a reboot (presumably because snort.conf gets re-written at bootup).  So I wonder if adding an advanced options text field would be appropriate, that way the changes get written to config.xml and rendered in at bootup?

Thanks!

Done!  Simply reinstall the package in about 5+ minutes and the option should appear in the settings screen as a large textarea box.

Numbski

Thanks Scott, on a Sunday no less.  :o

sullrich

@Numbski:

Thanks Scott, on a Sunday no less.  :o

I've been working all weekend on pfSense anyways, no biggie.