Snort Rules & Selective Blocking
Just installed the snort package this past Sunday (02/04/2007). Everything seems OK, except that when BLOCKING is enabled, as has been noted here before, every little alert blocks the respective IP address. What I would love to have is the ability to set a class of rules (in particular WEB-CLIENT) to "LOG ONLY" and not block, etc.
Can this be done in pfsense and/or snort and, if so, where and how?
Yes it can be done in pfSense. It would be possible to specify which categories are to be blocked. I might do this soon when I get some free time.