Problems: snorts Blocks IPs
I have installed pfsense 1.0.1 with snort 22.214.171.124_2.
In the tab for snort settings (services -> snort), It is NOT checked the 'block offenders' check box to avoid blocking IPs that has generated a false positive snort alert. But sometimes when an alert is generated by Snort the IP is blocked and add to the 'snort blocked' list.
I would like only, if it is possible, to generate alerts and not to block in any case any IP.
Is it possible?
Also, although the blocked IPs are in the whitelist (I can see them in the webgui interface and in the /var/db/whitelists file) they are blocked when an alert is generated :-(
Is there any bug?
I'm seeing the same thing. I guess it's good to see I'm not the only one :-\
This is on a new install of the machine so Snort is the latest version.