Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort - Snort Interfaces > WAN Rules > Categories are blank

    Scheduled Pinned Locked Moved pfSense Packages
    3 Posts 2 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      felesaerius
      last edited by

      Hey all, just started using the snort package and noticed there are… no rules. If I look at the interfaces, I see it's running, and enabled for the interface, but there's no rules defined:
      https://www.dropbox.com/s/w5aqsa63w1q6ozi/snortinterfaces.JPG

      So then I edit the interface, click on WAN Rules… aaand there's nothing.
      There's a Category: custom_rules, but there's nothing else to choose from... is there presets by default? From some cursory looks it seems others have options to select from for categories and such. But... where am I going wrong here?
      https://www.dropbox.com/s/awnrz8627vz2hqp/customrules.JPG

      1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks
        last edited by

        @felesaerius:

        Hey all, just started using the snort package and noticed there are… no rules. If I look at the interfaces, I see it's running, and enabled for the interface, but there's no rules defined:
        https://www.dropbox.com/s/w5aqsa63w1q6ozi/snortinterfaces.JPG

        So then I edit the interface, click on WAN Rules… aaand there's nothing.
        There's a Category: custom_rules, but there's nothing else to choose from... is there presets by default? From some cursory looks it seems others have options to select from for categories and such. But... where am I going wrong here?
        https://www.dropbox.com/s/awnrz8627vz2hqp/customrules.JPG

        Follow the setup instructions in this sticky thread posted at the top of the Packages forum:  http://forum.pfsense.org/index.php/topic,61018.0.html

        From your description, it sounds like you have not gone to the Global Settings tab and enabled any rule sets for download (Snort VRT, Emerging Threats and/or Snort GPLv2 Community Rules).  If you have not done so yet, read all the posts in the thread I linked.  That should get you going.  If not, post back and the team here can assist.

        One note about the linked post:  it refers to the "green icon" when starting the Snort interfaces.  That was the old icon.  In the current Snort package, the icon for the interface will be a red X when Snort is not running, and a green arrow point when Snort is running.  Unfortunately I am unable to edit that old post to correct the misinformation. :(

        Bill

        1 Reply Last reply Reply Quote 0
        • F
          felesaerius
          last edited by

          Got it, thank you!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.