• Hello:

    I have installed pfsense 1.0.1 with snort

    In the tab for snort settings (services -> snort), It is NOT checked the 'block offenders' check box to avoid blocking IPs that has generated a false positive snort alert. But sometimes when an alert is generated by Snort the IP is blocked and add to the 'snort blocked' list.
    I would like only, if it is possible, to generate alerts and not to block in any case any IP.

    Is it possible?

    Thanks, Angel.

  • Hello:

    Also, although the blocked IPs are in the whitelist (I can see them in the webgui interface and in the /var/db/whitelists file) they are blocked when an alert is generated :-(
    Is there any bug?


  • I'm seeing the same thing.  I guess it's good to see I'm not the only one  :-\

    This is on a new install of the machine so Snort is the latest version.