Snort Pass List not auto created



  • I'm new to the Snort configurations, 1st time installing and using it.

    In Snort, 'A Default Pass List' was not automatically created.

    Do I actually need to create one then?



  • Yes, if you want a custom pass list, you've got to create it. It is a three-step process:

    • First, you create an alias that lists all host IP addresses and networks you want to whitelist.

    • Second, you create a pass list (Snort: Pass Lists; hit the plus button to add a new one or the “e” button to edit an existing list). And use the alias you created in step one.

    • Third, you select the created pass list in the Snort: Interface Settings tab, under “Choose the networks Snort should inspect and whitelist.”

    Pass lists are only useful if the “Block Offenders” option is on. You only need one if you have custom hosts/networks that you want Snort to never block.



  • @propel:

    I'm new to the Snort configurations, 1st time installing and using it.

    In Snort, 'A Default Pass List' was not automatically created.

    Do I actually need to create one then?

    Usually, in a home network setup, you do not need to create or set any specific Pass List.  The "defaults" that Snort will use if you do not create or set a list are generally sufficient.  It will not block your LAN IP block, your DNS servers, your default gateway or your WAN IP address.  If you have multiple directly-connected networks (for example, DMZ, multiple LANs, VPNs, etc.), then they will be included as well.  You only need to create a Pass List when you have specific external hosts or networks you don't ever want blocked, or you have some internal hosts that are not on directly-attached networks that you don't want blocked.

    Bill
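
To illustrate the two replies above (an added example, not part of the thread and not code from Snort or its package): a Python model of the pass list as a set of networks, showing which offending addresses stay exempt from blocking with the defaults alone and which need a custom alias. Every address, label and function name here is a constructed assumption; the default entries simply follow the list given in the last reply.

```python
import ipaddress

# Constructed sample values (assumptions, documentation/private ranges only).
# These mirror the defaults described in the thread: LAN, other directly
# connected networks, default gateway, WAN IP and DNS servers.
DEFAULT_ENTRIES = {
    "LAN network": "192.168.1.0/24",
    "DMZ network (directly connected)": "192.168.50.0/24",
    "default gateway": "203.0.113.1",
    "WAN IP": "203.0.113.25",
    "DNS server": "192.0.2.53",
}

# Hypothetical contents of the alias from step one of the three-step process:
# an external network and an internal subnet that is routed, not attached.
CUSTOM_ALIAS = {
    "remote office (external)": "198.51.100.0/28",
    "routed internal subnet": "10.20.0.0/16",
}

def build_pass_list(*groups):
    """Merge labelled host/network entries into (label, network) pairs."""
    merged = []
    for group in groups:
        for label, cidr in group.items():
            # strict=False lets a bare host address become a /32 (or /128).
            merged.append((label, ipaddress.ip_network(cidr, strict=False)))
    return merged

def match(ip, pass_list):
    """Return the label of the first entry covering ip, or None."""
    addr = ipaddress.ip_address(ip)
    for label, net in pass_list:
        if addr.version == net.version and addr in net:
            return label
    return None

def would_block(offenders, pass_list):
    """Offending IPs that no pass list entry protects (Block Offenders on)."""
    return [ip for ip in offenders if match(ip, pass_list) is None]

# Constructed alert sources: LAN host, routed internal host, remote office,
# unrelated external host.
OFFENDERS = ["192.168.1.40", "10.20.3.7", "198.51.100.9", "203.0.113.200"]

if __name__ == "__main__":
    defaults = build_pass_list(DEFAULT_ENTRIES)
    custom = build_pass_list(DEFAULT_ENTRIES, CUSTOM_ALIAS)
    print("blockable, defaults only:", would_block(OFFENDERS, defaults))
    print("blockable, with alias:   ", would_block(OFFENDERS, custom))
```
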