Newbie questions regarding SNORT on pfsense

bwong3351

When I "Remove" an IP from the block list,will it automatically be added to the white-list? If so is there any way for me to edit the whitelist?

Thanks

judex

Removed IPs are not added to the whitelist.
You can edit or create a new whitelist under Firewall/Aliases and use that created/modified alias under Services -> Snort -> Whitelists

Best wishes,

Judex

bwong3351

Thanks for the quick reply

simi8

so…what does "remove from isp" do ?

bwong3351

Is a temp pass. This will only work if you have auto black IP turn on.

Example if a IP was blocked due to some rule. By removing it you allow a tmp pass through but if the IP trip the same rule (or other rule) it will get block again.

If you add the IP to the WL, Snort will completely skip it.