Snort configuration problems



  • Hello,

    I have installed the snort package, the service looks fine, I configured it and set snort to listen on the LAN and WAN interface. I tested it with Nessus, but nothing happens... From the console menu I started snort manually and snort logs a "compilation failure".

    A configuration failure? I am running the newest releng_snapshot.
    Greetings
    heiko











  • Correct me if I'm wrong, but Snort should only be attached to LAN; you want to block bad stuff coming in, not your internal computers going out.

    Also, if you are not using CARP, uncheck the last option.



  • Oops, the description says "Select all WAN type interfaces". I'm confused, but I will test it.



  • WAN is the network card that connects to the internet. LAN is the card that connects to the internal network. Snort detects and, if enabled, blocks computers from the internet (WAN) attempting to connect to your computers (LAN).



  • For the moment, snort can only be applied to one WAN interface.



  • Yes, OK, I have tested it. For the initial start of snort after a complete reset of pfSense, all works fine and the log is full. If I change anything, for example "wan to lan" and back, the snort package is a little bit confused.

    The service is started, but nothing happens, no logs... If I run "nessus" against the WAN interface, nothing happens again.

    I don't know, I think the package is not really clean, but maybe my test was incorrect...

