Snort blocking ISP



  • Hi,

    New to snort and running into the following problem.  On the router from my ISP I use the DMZ zone to send all traffic to my PFSense box.  When I activate snort it blocks the 192.168.240.xxx from the ISP router.  How can I tell it that this is my Internet so it does not block this IP address but rather filters what is coming from it.

    Thanks

    cjb



  • The most recent Snort update has also caused something similar on my system.  For example, it's blocking my ISP's internet gateway.  Despite me adding both a suppress rule and a whitelist entry containing the IP of the gateway.



  • Both whitelists amd suppression seem to be broken in the latest package. We just have to wait for a fix.



  • @fragged:

    Both whitelists amd suppression seem to be broken in the latest package. We just have to wait for a fix.

    yes and its not correctly creating the HOME_NET list in its config..Which would include your gw and wan ip



  • Just reinstall and should behave better.



  • @ermal:

    Just reinstall and should behave better.

    Ermal, so far (since updating), it appears to have resolved my ISP gateway issue.  Thanks.


Locked