How to add exception in Short?



  • Hi!
    I plug Snort module in PfSense, now i want to configure out it before blocking switch on.
    I update Snort, then i have create snort-interface for internet network adapter.
    In snort-interface i have switch on "Portscan Detection" preprocessor, in categories i have choose "snort_scan.rules". And then i have launch Snort.
    In Snorts Alerts i started to see this records:
    12/10-11:16:42   2      Attempted Information Leak   x.x.x.x      y.y.y.y1       122:5:1    PSNG_TCP_FILTERED_PORTSCAN
    12/10-11:16:27   2      Attempted Information Leak   x.x.x.x      y.y.y.y2       122:7:1    PSNG_TCP_PORTSWEEP_FILTERED
    Where x.x.x.x is ip of my external zabbix server, and y.y.y.y1, y.y.y.y2 are ip of my internal machines with Zabbix clients.
    I have add zabbix server to WhiteList, plug it (zabbix server) to Snort-interface and relaunch Snort.
    This don't help, in Alerts i see the same new records.
    In Snort-interface (in Whitelist configuration) i have found this note:
    Note:
    This option will only be used when block offenders is on.
    As i understand, Whitelist affects only on blocking.
    How i can disable in Alert false traffic warning records, which are received from my external servers ?
    Thanks for your help.



  • did you tried to search this packages section????

    There are several topics on the subject, this recent one is an example:
    http://forum.pfsense.org/index.php/topic,56550.0.html


Locked