Snort 2.9.2.3 v. 2.5.1 - Rule selections not persisting after restart of snort
-
I just installed pfsense 2.0.1 (amd64) and added 2.9.2.3 pkg v. 2.5.1. I'm only using the Emerging Threats rules and its not set for autoupdate.
As a test, I've enabled all of the pre-processors and turned on a handful of categories. To test out the functionality, I enabled GPL ICMP_INFO PING from the emerging-icmp_info.rules category which was originally disabled by default. I can ping the external interface and the alerts are viewable as I'd expect.However, when a of the snort service occurred, I no longer saw alerts for this rule appearing. I re-checked the rule and was surprised to see it disabled. After re-enabling this rule and then restarting, I am able to trigger alerts again. Is this expected? Are there any work arounds for this? I'd like for my selections to persist after a restart of the service.
Also, to the far right of each rule is a button to "edit rule" when I click on this, I can see the rules listing for the category open in a new window called " Advanced: File Editor". However, I don't see any way to save a change made to this file. I only see the button for cancel. Can this file be edited from the browser window?
Thanks
-
I am also wondering if and when this will be fixed.
Thanks.