Netgate Discussion Forum

    Snort - ET Rules not available for LAN interface

      Surtr

      I have snort 2.9.0.5 pkg v. 2.0 on pfsense 2.0 release.  I've had it working fine on my WAN interface using both the ET and snort rules.  I recently started monitoring my LAN interface and it's working fine EXCEPT that for some reason I cannot seem to get the Emerging Threats categories available under the interface options.  All the snort rules show up fine and are working correctly, however the rules I really want to use on the LAN are in the ET categories.  I've tried updating the rules, recreating the interface monitor, disabling / enabling ET downloads and I still can't get it to show up.  I am at a loss here.  I can't find any logs giving me any errors or anything.

      Anybody have any ideas to maybe help point me in the right direction?

        Seb

        I had the same issue.  In the end, I decided I didn't need Snort running on my LAN interface. But I had a lot of weirdness getting the right rules in the right places, e.g. I had the same problem on my WAN interface too, on one of my pfSense 2.0 boxes, but not its mirror copy. For the WAN interface I found the rules were in a subdir of the rules directory also called rules.  So I just copied everything in /usr/local/etc/snort/snort_XXXXX_XXX/rules/rules to /usr/local/etc/snort/snort_XXXXX_XXX/rules/ and then removed the subdirectory.  Seemed to work for me.  YMMV.  Sounds like a bug that can happen under some circumstances…

        P.S. Another solution to this or another problem (I forget how I solved each problem as there have been several) was to remove the md5 file for e.g. emerging.rules.tar.gz.md5 or snortrules-snapshot-2905.tar.gz.md5 and then run an update.  Then it will fetch a new copy of the rules and extract it.  Again, YMMV.

        Let me know if either of these work for you.

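The first workaround in the reply above (rule files stranded in a rules/rules subdirectory) as a shell script that checks for the nested layout and moves the files up without overwriting anything already in place. This is an added example, not part of either post or of the pfSense Snort package; the function names are hypothetical, and the per-interface directory is passed as an argument because the thread only gives it as snort_XXXXX_XXX.

```shell
#!/bin/sh
# Added example, not pfSense package code. Function names are hypothetical.
# Assumption: $1 is the per-interface Snort directory, written in the thread
# as /usr/local/etc/snort/snort_XXXXX_XXX (placeholder kept as posted).

# Return 0 if <iface_dir>/rules/rules exists and holds at least one entry.
has_nested_rules() {
    nested="$1/rules/rules"
    [ -d "$nested" ] && [ -n "$(ls -A "$nested" 2>/dev/null)" ]
}

# Move each file from rules/rules up to rules/. A file that already exists
# in rules/ is left where it is and reported, so nothing is overwritten.
# Prints the number of files moved; returns 1 if any file was skipped.
flatten_nested_rules() {
    rules="$1/rules"
    nested="$rules/rules"
    moved=0
    skipped=0
    [ -d "$nested" ] || { echo 0; return 0; }
    for f in "$nested"/*; do
        [ -e "$f" ] || continue            # empty directory: glob did not match
        name=$(basename "$f")
        if [ -e "$rules/$name" ]; then
            echo "skip (already present): $name" >&2
            skipped=$((skipped + 1))
        else
            mv "$f" "$rules/$name"
            moved=$((moved + 1))
        fi
    done
    # Remove the subdirectory only when it is empty; keep it if files remain.
    rmdir "$nested" 2>/dev/null || true
    echo "$moved"
    [ "$skipped" -eq 0 ]
}

# Stand-alone use: pass the interface directory as the only argument.
if [ "$#" -eq 1 ]; then
    if has_nested_rules "$1"; then
        flatten_nested_rules "$1"
    else
        echo "no nested rules/rules directory under $1"
    fi
fi
```

A skipped file means the same name exists at both levels; compare the two copies before deciding which to keep.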
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.