Snort 22.214.171.124 pkg v. 2.5.1 Whitelists
Snort is ignoring whitelists…
I have checked all settings and everything seems correct. My alias is setup correct but snort still blocks whitelist ips / addresses.
I don't know where these are added within the file system, so I could check or manually create these entries.
Snort is currently off for now untill I can resolve this issue.
Thanks for any help...
Same problem here. I've tried both "Host" and "Network" formats for the Aliases configuration but Snort is not respecting them at all.
Tried the same thing.
I haven't figured out a place in the filesystem where the whitelist should be entered either. I can't find any whitelist files for Snort despite quite a bit of hunting. Unfortunately I've never used Snort outside of PFSense so I'm not familiar with its config files.
Add the following to your suppress list (Services: Snort: Suppression: Edit)
suppress gen_id 0, sig_id 0, track by_src, ip xxx.xxx.xxx.xxx
Where xxx.xxx.xxx.xxx is the IP you wish to whitelist. Make sure to restart Snort so it takes effect.
"gen_id 0, sig_id 0" is a global parameter and causes it to apply to all rules.
I've tested it every which way and it certainly appears to be working!
Thanks! Worked like a charm…
Ok, this seems to work for certain IPs, but not for Subnets… I have the same problem adding whitelist, aliases to the config but IPs from Homenet still getting blocked...
For networks try this in suppress list:
suppress gen_id 0, sig_id 0, track by_src, ip [xxx.xxx.xxx.xxx/29,yyy.yyy.yyy.yyy/28,zzz.zzz.zzz.zzz/28]
All networks must be in the same suppress line.
great, that saved my life :) Had the same problem a while and didnt find a solution.