3. Snort Unable to add whitelist

Snort Unable to add whitelist

  • S

    I am running snort 2.9.2.3 pkg. v 2.5.1 when I go to create a whit list and enter the IP of the site I want on the list I get an error that says invalid alias. How do I add sites to the white list so snort does not block them?

    0
  • I

    You need to create aliases for pfsense and use those instead.
    This can be done by going to the firewall menu and choosing aliases.
    Create an alias, add every ip or fqdn you want to whitelist and add that to the whitelist.
    Then, back in the settings for snort, you can add your brand new alias.

    0
  • S

    Thanks that was what I needed. Now what is getting me is websites  that the IP is not always the same. How do I combat that.

    0
  • I

    You can use domain names and pfsense will resolve the domain name to the correct ip for you.
    Domain names can be set as aliases.
    If a domain name is dual stacked, pfsense will even return both v4 and v6 addresses I believe.
    You can add as many domain names, ip addressess and referenced aliases in an alias as you want.
    For instance, you could make an alias for all your mail servers and call that alias safe_mail.
    Then, you can reference that alias in another alias, for instance the alias Whitelist_snort.
    That way you can stack aliases on top of each other and have very fine grained control over your aliases and lists.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy