Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort Unable to add whitelist

    Scheduled Pinned Locked Moved pfSense Packages
    4 Posts 2 Posters 5.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      suicidegybe
      last edited by

      I am running snort 2.9.2.3 pkg. v 2.5.1 when I go to create a whit list and enter the IP of the site I want on the list I get an error that says invalid alias. How do I add sites to the white list so snort does not block them?

      1 Reply Last reply Reply Quote 0
      • I
        iFloris
        last edited by

        You need to create aliases for pfsense and use those instead.
        This can be done by going to the firewall menu and choosing aliases.
        Create an alias, add every ip or fqdn you want to whitelist and add that to the whitelist.
        Then, back in the settings for snort, you can add your brand new alias.

        one layer of information
        removed

        1 Reply Last reply Reply Quote 0
        • S
          suicidegybe
          last edited by

          Thanks that was what I needed. Now what is getting me is websites  that the IP is not always the same. How do I combat that.

          1 Reply Last reply Reply Quote 0
          • I
            iFloris
            last edited by

            You can use domain names and pfsense will resolve the domain name to the correct ip for you.
            Domain names can be set as aliases.
            If a domain name is dual stacked, pfsense will even return both v4 and v6 addresses I believe.
            You can add as many domain names, ip addressess and referenced aliases in an alias as you want.
            For instance, you could make an alias for all your mail servers and call that alias safe_mail.
            Then, you can reference that alias in another alias, for instance the alias Whitelist_snort.
            That way you can stack aliases on top of each other and have very fine grained control over your aliases and lists.

            one layer of information
            removed

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.