Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How does snort performing the block action?

    pfSense Packages
    2
    3
    1285
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gpyle
      last edited by

      I'm curious how snort is blocking traffic and if it can in some way be modified.  Ideally I want snort or a L7 filter to identify users that are using P2P programs and redirect them to a remediation page that explains they will not have access to the internet until they disable the P2P program.

      If that can't be done, then it would be nice if snort could auto generate firewall rules to drop only the P2P traffic.

      Currently though when I enable the snort p2p rules and put it in IPS mode it blocks the user from communicating through the gateway, but I don't see how.  I look at the firewall rules and nothing has been added.  How does snort block a user/machine/IP?

      TIA

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        It's in an anchor in the ruleset.

        1 Reply Last reply Reply Quote 0
        • G
          gpyle
          last edited by

          Thanks, and sorry about originally posting in the wrong area.

          Can you explain a little more or point me in the direction of where to look?  Is there any possibility of modifying the action to redirect the user to a remediation page or drop only the P2P traffic?  If we wanted to pay for support hours to cover the cost of developing this feature, how many hours would you estimate?

          1 Reply Last reply Reply Quote 0
          • First post
            Last post