Snort Unable to add whitelist

  • I am running snort pkg. v 2.5.1 when I go to create a whit list and enter the IP of the site I want on the list I get an error that says invalid alias. How do I add sites to the white list so snort does not block them?

  • You need to create aliases for pfsense and use those instead.
    This can be done by going to the firewall menu and choosing aliases.
    Create an alias, add every ip or fqdn you want to whitelist and add that to the whitelist.
    Then, back in the settings for snort, you can add your brand new alias.

  • Thanks that was what I needed. Now what is getting me is websites  that the IP is not always the same. How do I combat that.

  • You can use domain names and pfsense will resolve the domain name to the correct ip for you.
    Domain names can be set as aliases.
    If a domain name is dual stacked, pfsense will even return both v4 and v6 addresses I believe.
    You can add as many domain names, ip addressess and referenced aliases in an alias as you want.
    For instance, you could make an alias for all your mail servers and call that alias safe_mail.
    Then, you can reference that alias in another alias, for instance the alias Whitelist_snort.
    That way you can stack aliases on top of each other and have very fine grained control over your aliases and lists.

Log in to reply