Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort rules not disabling

    Scheduled Pinned Locked Moved pfSense Packages
    3 Posts 2 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      Clone1B
      last edited by

      Running 2.0.2 with Snort, I'm trying to disable rules that are blocking legitimate traffic/hosts including the ET CHAT and ET P2P categories but even after restarting Snort they are still raising alerts and being blocked.

      Adding the hosts to the whitelist also isn't helping.

      Edit: Just had a look through files. The UI doesn't actually seem to be updating the crontab, might be the same for the rules.

      1 Reply Last reply Reply Quote 0
      • R
        RChadwick
        last edited by

        I've got the same problem. I'm running 2.0.2, and had problems with Snort, so I disabled it. Oddly, a whole lot of memory is still being used. After reading the above comment, I checked the alerts, and the alert list is full.

        1 Reply Last reply Reply Quote 0
        • R
          RChadwick
          last edited by

          As an update…

          I decided to reboot pfsense, and see if things got better. It crashed right after the first menu. Fortunately, safe mode let me start up pfsense, and I uninstalled all packages. I haven't rebooted yet. I think pfsense is great, but I think I won't be using any packages with pfsense anymore.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.