Snort blocks WAN IP after update



  • Good afternoon,

    I have been having problems with Snort blocking some WAN IPs, despite having whitelisted them. Today I updated Snort to version 2.9.4.1 pkg v. 2.5.4, and immediately had problems with my main WAN IP being blocked by Snort. I also have some CARP VIPs which have also been blocked. Prior to the update the WAN and VIPs were never blocked; this has been happening as soon as I updated Snort.

    I saw this thread here: http://forum.pfsense.org/index.php?topic=59395.0 and took a look at my whitelist file, and confirmed the main WAN IP and CARP VIPs were listed. I made a change to force settings to be altered, and then changed them back again, and restarted the WAN Snort interface but the problem continued, so I uninstalled and reinstalled Snort, rebooted, and my WAN IPs are still blocked.

    If anyone could help with this I would be very grateful.





  • Thank you, I had missed that post. I shall wait for an update then.



  • My understanding is it was already patched but with the same version number; uninstall + reinstall resolved it for me.



  • @joako:

    My understanding is it was already patched but with the same version number; uninstall + reinstall resolved it for me.

    Correct.  The Version Number was not incremented for the latest fix for WAN IP blocking.  Just uninstall and reinstall as suggested and the "fix will be in"… :)

    Bill

