Netgate Discussion Forum

    Snort Pass List not auto created

      propel

      I'm new to the Snort configurations, 1st time installing and using it.

      In Snort, 'A Default Pass List' was not automatically created.

      Do I actually need to create one then?

        G.D. Wusser Esq.

        Yes, if you want a custom pass list, you have to create it. It is a three-step process:

        • First, you create an alias that lists all host IP addresses and networks you want to whitelist.

        • Second, you create a pass list (Snort: Pass Lists; hit the plus button to add a new one or the “e” button to edit an existing list) and use the alias you created in step one.

        • Third, you select the created pass list in the Snort: Interface Settings tab, under “Choose the networks Snort should inspect and whitelist.”

        Pass lists are only useful if the “Block Offenders” option is on. You only need one if you have custom hosts/networks that you want Snort to never block.

          bmeeks

          @propel:

          I'm new to the Snort configurations, 1st time installing and using it.

          In Snort, 'A Default Pass List' was not automatically created.

          Do I actually need to create one then?

          Usually, in a home network setup, you do not need to create or set any specific Pass List. The "defaults" that Snort will use if you do not create or set a list are generally sufficient. It will not block your LAN IP block, your DNS servers, your default gateway or your WAN IP address. If you have multiple directly-connected networks (for example, DMZ, multiple LANs, VPNs, etc.), then they will be included as well. You only need to create a Pass List when you have specific external hosts or networks you don't ever want blocked, or you have some internal hosts that are not on directly-attached networks that you don't want blocked.

          Bill
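
Added example (not part of the original posts and not Snort or pfSense code): a small Python check that applies the rule described in the reply above, listing which "never block" hosts fall outside the default coverage and would therefore need a custom Pass List alias. All addresses and the function names are constructed for illustration, and the default set is modeled only from what the post lists.

```python
import ipaddress

def default_pass_list(attached_networks, dns_servers, gateway, wan_ip):
    """Model the defaults named in the post: directly attached networks,
    DNS servers, the default gateway and the WAN IP address."""
    nets = [ipaddress.ip_network(n) for n in attached_networks]
    for host in [*dns_servers, gateway, wan_ip]:
        nets.append(ipaddress.ip_network(host))  # single host becomes /32 or /128
    return nets

def needs_custom_entry(never_block, defaults):
    """Return the never-block entries that the defaults do not fully cover."""
    uncovered = []
    for entry in never_block:
        net = ipaddress.ip_network(entry, strict=False)
        covered = any(
            net.version == d.version and net.subnet_of(d) for d in defaults
        )
        if not covered:
            uncovered.append(entry)
    return uncovered

# Constructed sample firewall (documentation and private address ranges only).
DEFAULTS = default_pass_list(
    attached_networks=["192.168.1.0/24", "192.168.50.0/24"],  # LAN, DMZ
    dns_servers=["192.0.2.53"],
    gateway="203.0.113.1",
    wan_ip="203.0.113.25",
)

# Hosts and networks the administrator never wants blocked (constructed).
NEVER_BLOCK = [
    "192.168.1.10",   # LAN host: already covered by the defaults
    "192.0.2.53",     # DNS server: already covered
    "10.20.0.0/24",   # internal network reached via a router, not attached
    "198.51.100.7",   # external monitoring host
]

if __name__ == "__main__":
    for entry in needs_custom_entry(NEVER_BLOCK, DEFAULTS):
        print(f"add to Pass List alias: {entry}")
```

An empty result means the defaults already cover everything on the list, which is the usual home-network case described above.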
