Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Possible BUG in Snort custom.rules

    Scheduled Pinned Locked Moved pfSense Packages
    4 Posts 2 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • BBcan177B
      BBcan177 Moderator
      last edited by

      I am noticing an issue in Snort custom.rules

      1. create a new rule(s) in custom.rules, and restart the Snort Interface
      2. go back to custom.rules and delete the rules, leaving no rules defined and Click "Save"

      The custom.rules will not clear.
      To save the custom.rule (with no rules), you need to enter a "single space" to be able to save the custom.rules.

      "Experience is something you don't get until just after you need it."

      Website: http://pfBlockerNG.com
      Twitter: @BBcan177  #pfBlockerNG
      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

      1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks
        last edited by

        @BBcan17:

        I am noticing an issue in Snort custom.rules

        1. create a new rule(s) in custom.rules, and restart the Snort Interface
        2. go back to custom.rules and delete the rules, leaving no rules defined and Click "Save"

        The custom.rules will not clear.
        To save the custom.rule (with no rules), you need to enter a "single space" to be able to save the custom.rules.

        Thanks for the report.  I will check into this.

        Bill

        1 Reply Last reply Reply Quote 0
        • bmeeksB
          bmeeks
          last edited by

          @BBcan17:

          I am noticing an issue in Snort custom.rules

          1. create a new rule(s) in custom.rules, and restart the Snort Interface
          2. go back to custom.rules and delete the rules, leaving no rules defined and Click "Save"

          The custom.rules will not clear.
          To save the custom.rule (with no rules), you need to enter a "single space" to be able to save the custom.rules.

          I submitted the fix for this problem in the current Snort 2.9.5.6 pkg v3.0.4 Pull Request that is posted on GitHub now.  So as soon as the Core Team guys review and approve the request, this fix will be posted.  Here is the link to the request:  https://github.com/pfsense/pfsense-packages/pull/582

          Bill

          1 Reply Last reply Reply Quote 0
          • BBcan177B
            BBcan177 Moderator
            last edited by

            @bmeeks:

            I submitted the fix for this problem in the current Snort 2.9.5.6 pkg v3.0.4 Pull Request that is posted on GitHub now.  So as soon as the Core Team guys review and approve the request, this fix will be posted.  Here is the link to the request:  https://github.com/pfsense/pfsense-packages/pull/582

            Bill

            Thanks Bill. I guess there is the changelog.

            Unfortunately after this upgrade, I dont see any of these changes. There are no new icons in the Alerts Tab, Clicking on a remove Block still brings it to the Lan interface. The Rules tab is not updated.

            Maybe this is still the previous release? Let me know if you want me to test anything.

            Thanks.

            "Experience is something you don't get until just after you need it."

            Website: http://pfBlockerNG.com
            Twitter: @BBcan177  #pfBlockerNG
            Reddit: https://www.reddit.com/r/pfBlockerNG/new/

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.