Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort ignoring passlist after update

    Scheduled Pinned Locked Moved pfSense Packages
    4 Posts 2 Posters 917 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sam- 0
      last edited by

      I recently updated to Snort 2.9.6.2 pkg v3.1.1

      Prior to the update my passlist was working correctly, now Snort is blocking the addresses in the passlist

      The IP's in my alias/passlist are all CIDR and not domains

      To fix this I tried:
      1. Removing/recreating the passlist
      2. Removing/recreating the referenced alias
      3. Reloading filters
      4. Restarting service
      5. Restarting server
      6. Reinstalled Snort

      But alas IP's in my passlist keep getting added to the Blocked table

      I even compared an XML backup of Pfsense prior to the update with an XML backup after, my Snort settings are the same as they were when it was working

      Can someone help me in the right direction to diagnose this?

      Thanks

      1 Reply Last reply Reply Quote 0
      • BBcan177B
        BBcan177 Moderator
        last edited by

        Out of curiosity, if you add some /32 IP addresses instead of CIDR to the "Alias", does Snort allow those IPs to "pass"?

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        1 Reply Last reply Reply Quote 0
        • S
          sam- 0
          last edited by

          Thanks for your reply BBcan177

          I just realized that the 'pass list' dropdown under Interface/WAN settings had been reset to default!

          DOH

          1 Reply Last reply Reply Quote 0
          • BBcan177B
            BBcan177 Moderator
            last edited by

            Happens to everyone at some time or another …  :)

            "Experience is something you don't get until just after you need it."

            Website: http://pfBlockerNG.com
            Twitter: @BBcan177  #pfBlockerNG
            Reddit: https://www.reddit.com/r/pfBlockerNG/new/

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.