Snort - transfer config from one port to another?
-
Is there an easy way to copy a snort configuration from one WAN port to another port - copy some .conf file somehow? Anything other than go through the ruleset one by one to save time would be appreciated, thanks in adv for any tips
-
Not currently, but Bill Meeks is working on this functionality for both the Snort and Suricata Packages in the upcoming releases.
-
thanks for the prompt response. I'll grab some beers and start setting up then….second thoughts, might be best to lay off the beer whilst setting up snort rules :o
-
@irj972:
thanks for the prompt response. I'll grab some beers and start setting up then….second thoughts, might be best to lay off the beer whilst setting up snort rules :o
Updated:
This capability is coming in the next Snort update. The Pull Requestwill be posted in the next day or twois now posted for review and merging by the pfSense Core Team. The feature will work like duplicating firewall rules based on a existing one. You will have plus (+) icons next to each configured Snort interface. Clicking the icon will create a new Snort instance on the next available interface and bring over all the settings from the source except for the interface name and the Suppress List, Pass List, Home Net and External Net settings. Those revert to defaults.Here is the link to the Pull Request: https://github.com/pfsense/pfsense-packages/pull/661
Bill
-
@BBcan17:
Not currently, but Bill Meeks is working on this functionality for both the Snort and Suricata Packages in the upcoming releases.
The Pull Request containing this functionality for Suricata is posted here https://github.com/pfsense/pfsense-packages/pull/659
Snort is coming in the next day or two.
Bill
-
@irj972:
thanks for the prompt response. I'll grab some beers and start setting up then….second thoughts, might be best to lay off the beer whilst setting up snort rules :o
As long as you are still drinking beers when you turn Snort back on …. :)
