Snort Rules & Selective Blocking



  • Hello

    Just installed the snort package this past Sunday (02/04/2007).  Everything seems OK, except that when BLOCKING is enabled, as has been noted here before, every little alert blocks the respective IP address.  What I would love to have is the ability to set a class of rules (in particular WEB-CLIENT) to "LOG ONLY" and not block, etc.

    Can this be done in pfsense and/or snort and, if so, where and how?

    Mark



  • Yes it can be done in pfSense. It would be possible to specify which categories are to be blocked. I might do this soon when I get some free time.


Log in to reply