Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort will not download snort rules.

    Scheduled Pinned Locked Moved pfSense Packages
    6 Posts 4 Posters 2.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      vito
      last edited by

      It appears right after the last update, snort will no longer download snort rules. Other rules are downloading fine.

      Error in logs

      snort[24521]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort/snort_33581_em0//usr/local/etc/snort/snort_33581_em0/reference.config": No such file or directory.

      Already uninstalled and reinstalled.

      Thanks in advance

      1 Reply Last reply Reply Quote 0
      • C
        Cino
        last edited by

        i did a reinstall this morning and my updates downloaded fine. If your using the free snort rules, snot only allows you to update once an hour i believe.

        1 Reply Last reply Reply Quote 0
        • C
          Cino
          last edited by

          i see the issue you are having… when you update your rules or reboot your box does snort startup?

          1 Reply Last reply Reply Quote 0
          • E
            eri--
            last edited by

            Fixed.
            Try after 15 minutes.

            1 Reply Last reply Reply Quote 0
            • V
              vito
              last edited by

              ok…after looking into this more i don't think it was a snort issue.

              I went to check snort.org to make sure nothing was up with my oki code.
              It appears openDNS is blocking snort.org
              "This host was blocked by OpenDNS in response to the Conficker virus, the Microsoft IE zero-day vulnerability, an equally serious vulnerability, or some other threat.

              If you think this shouldn't be blocked, please email us at malware-block@opendns.com."

              pf is setup to use opendns, once i changed the dns servers the rules would update.
              Sorry for the confusion. :(

              1 Reply Last reply Reply Quote 0
              • I
                ipv6kid
                last edited by

                Why the hell is OpenDNS blocking Snort.org of all places? Does this mean "all their clients" networks are not able to reach the SNORT.org VRT updates?

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.