3. Snort ignoring passlist after update

Snort ignoring passlist after update

  • S

    I recently updated to Snort 2.9.6.2 pkg v3.1.1

    Prior to the update my passlist was working correctly, now Snort is blocking the addresses in the passlist

    The IP's in my alias/passlist are all CIDR and not domains

    To fix this I tried:
    1. Removing/recreating the passlist
    2. Removing/recreating the referenced alias
    3. Reloading filters
    4. Restarting service
    5. Restarting server
    6. Reinstalled Snort

    But alas IP's in my passlist keep getting added to the Blocked table

    I even compared an XML backup of Pfsense prior to the update with an XML backup after, my Snort settings are the same as they were when it was working

    Can someone help me in the right direction to diagnose this?

    Thanks

    0
  • Moderator

    Out of curiosity, if you add some /32 IP addresses instead of CIDR to the "Alias", does Snort allow those IPs to "pass"?

    0
  • S

    Thanks for your reply BBcan177

    I just realized that the 'pass list' dropdown under Interface/WAN settings had been reset to default!

    DOH

    0
  • Moderator

    Happens to everyone at some time or another …  :)

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy