Netgate Discussion Forum
    Adding rules through putty

    Category: pfSense Packages
    3 Posts, 3 Posters, 1.2k Views
    MilesDeep

      Hello all,

      I'd like to add rules via putty.  For example, I'd like to add a rule that blocks Drop Box.  I navigate to here:

      [2.1-RELEASE][root@fw1.fw.local]/usr/pbi/snort-i386/etc/snort: ls (shows the following)

      classification.config       snort.conf
      community-rules.tar.gz.md5  snort.conf_031414
      emerging.rules.tar.gz.md5   snort_10271_em0_vlan100
      gen-msg.map                 snort_12938_pppoe0
      preproc_rules               snort_49044_em1_vlan300
      reference.config            snortrules-snapshot-2955.tar.gz.md5
      rules                       threshold.conf
      signatures                  unicode.map

      I thought snort.conf was what I needed, but it is not. Rules cannot be edited there. Where do I add rules?

      Thanks in advance.

        Legion

        You could just change permission on the rules file but it is my limited understanding that most of the pfSense config comes from the GUI and whatever is saved in the GUI's XML files. So even if you manually save rules in your snort.conf then next time you load up your snort gui page the changes you made from a terminal won't be reflected in the GUI and if/when you save your GUI page it will overwrite your terminal changes.

        At least, I'm fairly sure that's how it works for most packages. bmeeks can probably confirm/deny if that's how snort works. In other words, editing pfSense config from a terminal is generally not a good way to go about it unless you're specifically aware it will work for a particular file or package.

          BBcan177 (Moderator)

          Do not edit rules from the Command Line. You can severely break pfSense if you make a mistake. All Snort Rule changes should be made from the Web GUI.

          (Change the WAN to LAN depending what you are trying to achieve)

          Step 1-
          Snort:WAN Interface EDIT:WAN Categories and make sure that ET Policy has a checkbox. If not select and restart the interface.

          Step 2-
          Snort:WAN Interface EDIT:WAN Rules (Select ET Policy Category)

          CTRL-F (search for dropbox to enable the rules that are already defined)

          And enable/disable the rules this way.

          If you want to create a local rule, you would enter the rule under

          Snort:WAN Interface EDIT:WAN Rules - Custom.rules

          "Experience is something you don't get until just after you need it."

          Website: http://pfBlockerNG.com
          Twitter: @BBcan177  #pfBlockerNG
          Reddit: https://www.reddit.com/r/pfBlockerNG/new/

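Before pasting local rules into custom.rules, the last step in the post above, it is worth sanity-checking them, because a rule with a missing option or a sid that collides with a vendor rule will stop Snort from starting on that interface. The script below is an added example, not code from this thread or from the pfSense Snort package. The three Dropbox rules embedded in it are constructed sample input; their sids, msg text and content matches are assumptions made for illustration, and the third rule deliberately uses a sid in the vendor range so the check has something to report.

```python
"""Lint a Snort 2.9-style custom.rules set before pasting it into the pfSense GUI.

Added example; this is not code from the thread or from the pfSense Snort
package. It checks the things that most often make a local rule set fail
to load or collide with vendor rules:
  * each rule has msg, sid and rev options
  * each sid is numeric and at or above 1000000, the range reserved for
    local rules (lower sids belong to vendor sets such as ET or the VRT)
  * no two rules share a sid
  * the rule header parses (action, protocol, addresses, ports, direction)
"""
import re

# Constructed sample rule set. The hostnames, msg strings and sids are
# assumptions for this example; the third rule deliberately uses a sid in
# the vendor range so the linter has something to flag.
SAMPLE_RULES = r'''
# Local policy rules for Dropbox (alert, then let Block Offenders act on it)
alert udp $HOME_NET any -> any 53 (msg:"LOCAL Dropbox DNS query"; content:"|07|dropbox|03|com"; nocase; classtype:policy-violation; sid:1000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"LOCAL Dropbox TLS SNI"; flow:to_server,established; content:"dropbox.com"; nocase; classtype:policy-violation; sid:1000002; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"LOCAL Dropbox HTTP Host"; flow:to_server,established; content:"Host|3a| "; content:"dropbox.com"; nocase; classtype:policy-violation; sid:2000; rev:1;)
'''

LOCAL_SID_MIN = 1_000_000

# Rule header: action proto src sport direction dst dport (options)
HEADER_RE = re.compile(
    r'^(?P<action>alert|log|pass|drop|reject|sdrop)\s+'
    r'(?P<proto>tcp|udp|icmp|ip)\s+'
    r'(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<dir>->|<>)\s+'
    r'(?P<dst>\S+)\s+(?P<dport>\S+)\s*'
    r'\((?P<opts>.*)\)\s*$'
)


def split_options(opts):
    """Split the option body into (keyword, value) pairs.

    Semicolons inside double quotes (e.g. in msg or content) do not end an
    option, and a backslash escapes the following character as in Snort.
    Keywords with no value (e.g. nocase) get an empty string.
    """
    pairs, buf, in_quote, escaped = [], [], False, False
    for ch in opts:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == '\\':
            buf.append(ch)
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
            buf.append(ch)
        elif ch == ';' and not in_quote:
            pairs.append(''.join(buf))
            buf = []
        else:
            buf.append(ch)
    pairs.append(''.join(buf))
    result = []
    for raw in pairs:
        raw = raw.strip()
        if not raw:
            continue
        key, _, value = raw.partition(':')
        result.append((key.strip(), value.strip()))
    return result


def lint_rules(text):
    """Return a list of (line_number, problem) tuples; an empty list is a clean file."""
    problems = []
    seen_sids = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = HEADER_RE.match(line)
        if m is None:
            problems.append((lineno, 'rule header did not parse'))
            continue
        opts = dict(split_options(m.group('opts')))
        for required in ('msg', 'sid', 'rev'):
            if required not in opts:
                problems.append((lineno, f'missing required option {required}'))
        sid_text = opts.get('sid', '')
        if sid_text:
            if not sid_text.isdigit():
                problems.append((lineno, f'sid {sid_text!r} is not numeric'))
            else:
                sid = int(sid_text)
                if sid < LOCAL_SID_MIN:
                    problems.append((lineno, f'sid {sid} is below the local range ({LOCAL_SID_MIN}+) and may collide with a vendor rule'))
                if sid in seen_sids:
                    problems.append((lineno, f'sid {sid} duplicates line {seen_sids[sid]}'))
                else:
                    seen_sids[sid] = lineno
    return problems


if __name__ == '__main__':
    for lineno, problem in lint_rules(SAMPLE_RULES):
        print(f'line {lineno}: {problem}')
```

The sample rules use `alert` rather than `drop` because on the pfSense Snort package the blocking of an offending host is done by the Block Offenders option acting on alerts, not by the rule action. Running the script reports the third rule's sid 2000 as being in the vendor range; move it to 1000000 or above before saving the rule set in the GUI, and re-run the linter whenever you add rules so a duplicated sid is caught before Snort refuses to start.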
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.