Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    A question about snort?

    pfSense Packages
    2
    3
    1620
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cybervolkan last edited by

      I wonder how snort blocks a host?

      Does it write a temporary rule or with a package TCP_END?

      One more question?

      Can I, automaticly update rules from another site (not snort.org)?

      1 Reply Last reply Reply Quote 0
      • H
        hoba last edited by

        Go to diagnostics>edit file and open /tmp/rules.debug. This is the pf configuration that is loaded. You'll see a section there where snort can add block items to the ruleset. It generates firewall block rules dynamically for offenders.

        There is no option to load rules from somewhere else than snort.org currently.

        1 Reply Last reply Reply Quote 0
        • C
          cybervolkan last edited by

          Thanks for reply…

          1 Reply Last reply Reply Quote 0
          • First post
            Last post