Snort rules after updating pfSense



  • I have disabled some snort rules in some categories. I noticed, that this rules are enabled again after a update to a newer snapshot version. <maybe this="" is="" a="" bug="" …<br="">How can i backup my snort-rules settings ?</maybe>



  • Hello!

    I found the same problem on an external snort installation that I have.

    In my case was the oinkmaster script configuration.

    snort rules change a lot. So, disabling rules must be done at two places: on the snort configuration and on the updater tool (normally oinkmaster, http://oinkmaster.sourceforge.net/).

    I think that this question is not implemented yet in the snort package for pfSense, not a bug, a new feature perhaps.

    oinkmaster is a perl script. I think pfSense doesn't use it to update snort, so I don't know if is possible to evade this problem using the pfSense console.

    Regards,

    Josep Pujadas



  • Thanks for your answer. Lets see, if some from the pfSense developers can state a comment about this issue ?



  • Known issue.  Nobody is addressing it ATM.

    Start a bounty if it is important and timely.


Log in to reply