Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    A question about snort?

    Scheduled Pinned Locked Moved pfSense Packages
    3 Posts 2 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cybervolkan
      last edited by

      I wonder how snort blocks a host?

      Does it write a temporary rule or with a package TCP_END?

      One more question?

      Can I, automaticly update rules from another site (not snort.org)?

      1 Reply Last reply Reply Quote 0
      • H
        hoba
        last edited by

        Go to diagnostics>edit file and open /tmp/rules.debug. This is the pf configuration that is loaded. You'll see a section there where snort can add block items to the ruleset. It generates firewall block rules dynamically for offenders.

        There is no option to load rules from somewhere else than snort.org currently.

        1 Reply Last reply Reply Quote 0
        • C
          cybervolkan
          last edited by

          Thanks for reply…

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.