Snort: List of blocked IPs not cleaned up
-
Using pfSense 2.0.1-RELEASE (i386) with Snort 2.9.1 pkg v. 2.1.1 with the setting "Remove blocked hosts every: 1 Hour" and "Block offenders: yes" for the Snort enabled interface, I found that the list of blocked IPs is not cleaned up and blocked machines remain blocked after the time penalty has elapsed.
Is this a known (minor) problem?
I have another machine with pfSense 1.2.3 where the list is properly maintained.
-
Also running Snort 2.9.1 pkg v. 2.1.1 with the blocked hosts set to be removed after one hour - this is working for me.
You have probably already tried toggling the snort service off/back on, but if not I would give that a try.
-
… the machine has even been restarted and the blocked entries still remain.
I probably need to give some more details: Snort is installed on the WAN side with no offenders being blocked, and on the LAN side, where only Anti-P2P rules are activated and both source and destination offending addresses are blocked.
-
Re-apply the Global Settings page and the Interface Edit: If Settings page. This should re-create the missing cron job.
-
Re-apply the Global Settings page and the Interface Edit: If Settings page. This should re-create the missing cron job.
Yes, this seemed to have worked. The old entries were automatically deleted. Thanx.
-
Re-apply the Global Settings page and the Interface Edit: If Settings page. This should re-create the missing cron job.
I was having the same issue; following the above worked for me as well. Thanks.
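-
Added example, not part of the original thread and not the package's own code: a shell check for the expiry cron job whose absence the thread identifies as the cause. It assumes (the thread does not state this) that the Snort package schedules `expiretable -t <seconds> snort2c` and keeps blocked hosts in the pf table `snort2c`; the crontab lines below are constructed samples.

```shell
#!/bin/sh
# Added example: look for the cron job that expires Snort's blocked hosts.
# Assumptions (not stated in the thread): the job runs
# "expiretable -t <seconds> <table>" and Snort's pf table is "snort2c".

# Read a crontab on stdin. Print the expiry age in seconds of the first
# active expiretable job for the given table; return 1 if there is none.
snort_expire_seconds() {
    awk -v tbl="${1:-snort2c}" '
        /^[ \t]*#/ { next }              # ignore commented-out jobs
        /expiretable/ {
            # the table name is the last field, the age follows -t
            for (i = 1; i < NF; i++)
                if ($i == "-t" && $NF == tbl) { print $(i + 1); found = 1; exit }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample: healthy crontab with the Snort expiry job present.
SAMPLE_OK='*/60 * * * * root /usr/local/sbin/expiretable -t 3600 sshlockout
*/5 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c'

# Constructed sample: the failure from the thread. Only a job for another
# table and a commented-out Snort job remain, so nothing expires snort2c.
SAMPLE_MISSING='*/60 * * * * root /usr/local/sbin/expiretable -t 3600 sshlockout
#*/5 * * * * root /usr/local/sbin/expiretable -t 3600 snort2c'

for sample in "$SAMPLE_OK" "$SAMPLE_MISSING"; do
    if secs=$(printf '%s\n' "$sample" | snort_expire_seconds); then
        echo "expiry job present: blocks older than ${secs}s are removed"
    else
        echo "expiry job missing: blocked hosts are never removed"
    fi
done

# On the firewall itself (same assumptions as above):
#   snort_expire_seconds < /etc/crontab
#   pfctl -t snort2c -T show    # list the currently blocked addresses
```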