• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Snort Blocking

pfSense Packages
1
1
1.2k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • K
    ketchup
    last edited by Feb 11, 2012, 5:13 PM

    Hello Everyone,

    I have recently switched to pfSnese from IPCop.  I am loving the change so far!

    I have configured Snort with blocking on my firewall.  I would like to exclude some rules from automatic blocking.  Some rules, such as the Shellcode ones generate quite a bit of false positives in my implementation.  I am not able to find a way to do this in the GUI.  The host whitelist feature won't work for me because there are too many.  I also don't want to suppress the noisy rules because I would like to see the alerts and investigate manually.  I was going to edit the configuration files and was hoping that someone can point me in the right direction.  My questions are:

    1.  Which snort.conf does the Snort package use in pfSense?  I have two, /usr/local/etc/snort/snort.conf and /usr/local/etc/snort/snort_14918_bge0/snort.conf?

    2. This directive seems to be ignored:  portvar SHELLCODE_PORTS !80.  Does pfSense not use this VAR or is there something wrong with my config?

    3.  Where does pfSense configure blocking in Snort?

    Thanks in advance!

    1 Reply Last reply Reply Quote 0
    1 out of 1
    • First post
      1/1
      Last post
    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.