Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How do i suppress this rule

    Scheduled Pinned Locked Moved pfSense Packages
    14 Posts 6 Posters 4.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      NightHawk007
      last edited by

      (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE lastest version of snort i updated today .

      1 Reply Last reply Reply Quote 0
      • RonpfSR
        RonpfS
        last edited by

        http://forum.pfsense.org/index.php/topic,41533.msg220902.html#msg220902

        2.4.5-RELEASE-p1 (amd64)
        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

        1 Reply Last reply Reply Quote 0
        • I
          ipv6kid
          last edited by

          BUMP

          This rule is not being suppressed even though I believe I have everything correctly written in SNORT > Suppress:
          suppress gen_id 120, sig_id 3

          I've restarted Snort and also restarted the entire PFsense router and SNORT 2.0 is still throwing alerts for this SID.

          What's the issue?

          1 Reply Last reply Reply Quote 0
          • I
            ipv6kid
            last edited by

            I am getting the following SNORT startup message in system.log:

            Nov 12 16:29:45 www snort[1955]: +–---------------------[suppression]–----------------------------------------
            Nov 12 16:29:45 www snort[1955]: +–---------------------[suppression]–----------------------------------------
            Nov 12 16:29:45 www snort[1955]: | none
            Nov 12 16:29:45 www snort[1955]: | none
            Nov 12 16:29:45 www snort[1955]: –-----------------------------------------------------------------------------
            Nov 12 16:29:45 www snort[1955]: –-----------------------------------------------------------------------------

            It seems that my suppression rule isn't being activated somehow…...

            1 Reply Last reply Reply Quote 0
            • C
              Cino
              last edited by

              after you created the list, did you select that list under the interface config page?

              1 Reply Last reply Reply Quote 0
              • I
                ipv6kid
                last edited by

                No I did not, and that seemed to be the problem. Didn't know I had to do that… thanks girlfriend!
                @Cino:

                after you created the list, did you select that list under the interface config page?

                1 Reply Last reply Reply Quote 0
                • N
                  NightHawk007
                  last edited by

                  @Cino:

                  after you created the list, did you select that list under the interface config page?

                  Where is this page located i can't seem to find it .With problem i can't search the internet at all i keep getting the rule blocked .

                  1 Reply Last reply Reply Quote 0
                  • RonpfSR
                    RonpfS
                    last edited by

                    Uncheck Block offenders until you fix the suppress rule and still have internet access.

                    It is under Snort: Interface Edit: (If settings) Suppression and filtering

                    2.4.5-RELEASE-p1 (amd64)
                    Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                    Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                    1 Reply Last reply Reply Quote 0
                    • ?
                      A Former User
                      last edited by

                      @RonpfS:

                      Uncheck Block offenders until you fix the suppress rule and still have internet access.

                      It is under Snort: Interface Edit: (If settings) Suppression and filtering

                      I just have snort turned off .Tried to suppress rule and nothing works

                      1 Reply Last reply Reply Quote 0
                      • RonpfSR
                        RonpfS
                        last edited by

                        Did you remove your WAN IP from the Blocked list?

                        2.4.5-RELEASE-p1 (amd64)
                        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                        1 Reply Last reply Reply Quote 0
                        • ?
                          A Former User
                          last edited by

                          @RonpfS:

                          Did you remove your WAN IP from the Blocked list?

                          MY ip was never blocked

                          1 Reply Last reply Reply Quote 0
                          • D
                            dwood
                            last edited by

                            In the "for what it's worth category" this message, and my need to suppress it (amd64 V2.0), disappeared with an uninstall of SNORT and reinstall with the updated 2.9.1 package.

                            Previous to that, everything was being blocked and the event log was being flooded with HTTP_INSPECT events.

                            1 Reply Last reply Reply Quote 0
                            • RonpfSR
                              RonpfS
                              last edited by

                              2011-11-12 00:05:24	Daemon.Notice	x.x.x.x	snort[33078]: | gen-id=120    sig-id=3          type=Suppress  tracking=none filtered=109
                              

                              I still get them  :-[

                              2.4.5-RELEASE-p1 (amd64)
                              Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                              Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                              1 Reply Last reply Reply Quote 0
                              • I
                                ipv6kid
                                last edited by

                                Youtube Video

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.