Snort Rules & Selective Blocking

  • Hello

    Just installed the snort package this past Sunday (02/04/2007).  Everything seems OK, except that when BLOCKING is enabled, as has been noted here before, every little alert blocks the respective IP address.  What I would love to have is the ability to set a class of rules (in particular WEB-CLIENT) to "LOG ONLY" and not block, etc.

    Can this be done in pfsense and/or snort and, if so, where and how?


  • Yes it can be done in pfSense. It would be possible to specify which categories are to be blocked. I might do this soon when I get some free time.

Log in to reply