Snort - Snort Interfaces > WAN Rules > Categories are blank

pfSense Packages
Log in to reply
  • F

    Hey all, just started using the snort package and noticed there are… no rules. If I look at the interfaces, I see it's running, and enabled for the interface, but there's no rules defined:
    https://www.dropbox.com/s/w5aqsa63w1q6ozi/snortinterfaces.JPG

    So then I edit the interface, click on WAN Rules… aaand there's nothing.
    There's a Category: custom_rules, but there's nothing else to choose from... is there presets by default? From some cursory looks it seems others have options to select from for categories and such. But... where am I going wrong here?
    https://www.dropbox.com/s/awnrz8627vz2hqp/customrules.JPG

    0
  • bmeeks

    @felesaerius:

    Hey all, just started using the snort package and noticed there are… no rules. If I look at the interfaces, I see it's running, and enabled for the interface, but there's no rules defined:
    https://www.dropbox.com/s/w5aqsa63w1q6ozi/snortinterfaces.JPG

    So then I edit the interface, click on WAN Rules… aaand there's nothing.
    There's a Category: custom_rules, but there's nothing else to choose from... is there presets by default? From some cursory looks it seems others have options to select from for categories and such. But... where am I going wrong here?
    https://www.dropbox.com/s/awnrz8627vz2hqp/customrules.JPG

    Follow the setup instructions in this sticky thread posted at the top of the Packages forum:  http://forum.pfsense.org/index.php/topic,61018.0.html

    From your description, it sounds like you have not gone to the Global Settings tab and enabled any rule sets for download (Snort VRT, Emerging Threats and/or Snort GPLv2 Community Rules).  If you have not done so yet, read all the posts in the thread I linked.  That should get you going.  If not, post back and the team here can assist.

    One note about the linked post:  it refers to the "green icon" when starting the Snort interfaces.  That was the old icon.  In the current Snort package, the icon for the interface will be a red X when Snort is not running, and a green arrow point when Snort is running.  Unfortunately I am unable to edit that old post to correct the misinformation. :(

    Bill

    0
  • F

    Got it, thank you!

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy