Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort Pkg 2.5.8 Change Log and Screenshots

    Scheduled Pinned Locked Moved pfSense Packages
    25 Posts 8 Posters 7.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • bmeeksB
      bmeeks
      last edited by

      @asbirim:

      hi, first of all thank you for this great package.

      i was needed to block offenders but not all traffic just unknown traffic. eg. torrent, p2p.

      so i added a alias with name "spammers" and edited snort.inc, snort_interfaces_global.php and snort_blocked.php to change default snort2c alias.  can you add theese changes to package.

      i have basic allow rules like only safe ports allowed.
      i am using
      block any to any source spammers
      at bottom of all others rules. so i can block offenders.

      I'm not sure I fully understand what you are doing here.  Are you using custom Snort rules?

      Bill

      1 Reply Last reply Reply Quote 0
      • A
        asbirim
        last edited by

        @bmeeks:

        @asbirim:

        hi, first of all thank you for this great package.

        i was needed to block offenders but not all traffic just unknown traffic. eg. torrent, p2p.

        so i added a alias with name "spammers" and edited snort.inc, snort_interfaces_global.php and snort_blocked.php to change default snort2c alias.  can you add theese changes to package.

        i have basic allow rules like only safe ports allowed.
        i am using
        block any to any source spammers
        at bottom of all others rules. so i can block offenders.

        I'm not sure I fully understand what you are doing here.  Are you using custom Snort rules?

        Bill

        i was added screenshots about what i am tyring.

        i am trying to use snort blocked offenders list in an alias. so i can totally have control over them.  because snort2c is block hosts at the top of pfctl, and the hosts tottally blocked. but i want to log them and just block unkown traffic from them.

        sorry for bad english. i hope i can explain my solution.

        1 Reply Last reply Reply Quote 0
        • bmeeksB
          bmeeks
          last edited by

          @asbirim:

          @bmeeks:

          @asbirim:

          hi, first of all thank you for this great package.

          i was needed to block offenders but not all traffic just unknown traffic. eg. torrent, p2p.

          so i added a alias with name "spammers" and edited snort.inc, snort_interfaces_global.php and snort_blocked.php to change default snort2c alias.  can you add theese changes to package.

          i have basic allow rules like only safe ports allowed.
          i am using
          block any to any source spammers
          at bottom of all others rules. so i can block offenders.

          I'm not sure I fully understand what you are doing here.  Are you using custom Snort rules?

          Bill

          i was added screenshots about what i am tyring.

          i am trying to use snort blocked offenders list in an alias. so i can totally have control over them.  because snort2c is block hosts at the top of pfctl, and the hosts tottally blocked. but i want to log them and just block unkown traffic from them.

          sorry for bad english. i hope i can explain my solution.

          The proper way to do this would be with your own Custom Rules in Snort.  The current package gives you that capability.  You can write Snort rules to block whomever you wish based on traffic content.  On the Rules tab, select "Custom Rules" in the drop-down and then create your own Snort text rules.  You must get the syntax correct before the save will be successful.

          Bill

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            @bmeeks:

            You can write Snort rules to block whomever you wish based on traffic content.  On the Rules tab, select "Custom Rules" in the drop-down and then create your own Snort text rules.  You must get the syntax correct before the save will be successful.

            I think asbirim is trying to block offenders based on snort rules but block only specific ports instead of blocking all ip traffic changing pf rule created by snort.

            On pfblocker I've added an option to only create alias but do not apply rules. This way sysadmin can create any rule based ou package created alias.

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • bmeeksB
              bmeeks
              last edited by

              @marcelloc:

              @bmeeks:

              You can write Snort rules to block whomever you wish based on traffic content.  On the Rules tab, select "Custom Rules" in the drop-down and then create your own Snort text rules.  You must get the syntax correct before the save will be successful.

              I think asbirim is trying to block offenders based on snort rules but block only specific ports instead of blocking all ip traffic changing pf rule created by snort.

              On pfblocker I've added an option to only create alias but do not apply rules. This way sysadmin can create any rule based ou package created alias.

              Oh…OK.  I wasn't initially understanding his intent.  I'm not sure this idea really fits into what Snort is about, though.  Sounds more like something for one of the other packages like pfBlocker perhaps.

              Bill

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.