Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort not holding settings

    Scheduled Pinned Locked Moved pfSense Packages
    7 Posts 2 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      wbennett77
      last edited by

      Hello,
      I don't know if I am doing something wrong but when I change the "Available Rule Categories" under the WAN Rules tab it won't stick after clicking Apply. If I go to a different tab and then come back to WAN Rules the Category has changed back to "Auto-Flowbit rules.
      Thanks for any help.

      Dell Optiplex 390 Pfsense 2.2 / Asus AC56U Wireless AP / Asus Switch

      1 Reply Last reply Reply Quote 0
      • BBcan177B
        BBcan177 Moderator
        last edited by

        When you click "Save" wait for the browser to finish its refresh before moving to another Tab otherwise it won't save the changes.

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        1 Reply Last reply Reply Quote 0
        • W
          wbennett77
          last edited by

          @BBcan177:

          When you click "Save" wait for the browser to finish its refresh before moving to another Tab otherwise it won't save the changes.

          Thanks for the response. I tried what you suggested but it just won't stick. Is it possible that the WAN Rules tab is only for information and that the real setting is controlled by WAN Categories?

          Dell Optiplex 390 Pfsense 2.2 / Asus AC56U Wireless AP / Asus Switch

          1 Reply Last reply Reply Quote 0
          • BBcan177B
            BBcan177 Moderator
            last edited by

            Are you selecting the "IPS Policy" Checkbox also? Selecting an IPS Policy overrides any manual settings I believe.

            "Experience is something you don't get until just after you need it."

            Website: http://pfBlockerNG.com
            Twitter: @BBcan177  #pfBlockerNG
            Reddit: https://www.reddit.com/r/pfBlockerNG/new/

            1 Reply Last reply Reply Quote 0
            • BBcan177B
              BBcan177 Moderator
              last edited by

              @wbennett77:

              when I change the "Available Rule Categories" under the WAN Rules tab it won't stick after clicking Apply.

              I re-read this and the WAN Rules tab is to view the Rules and you also have the ability to Enable/Disable individual Rules or the whole category.

              If you are looking to Enable/Disable Rule Categories, you need to set those in the WAN Categories Tab.

              "Experience is something you don't get until just after you need it."

              Website: http://pfBlockerNG.com
              Twitter: @BBcan177  #pfBlockerNG
              Reddit: https://www.reddit.com/r/pfBlockerNG/new/

              1 Reply Last reply Reply Quote 0
              • W
                wbennett77
                last edited by

                Thanks BBcan177,
                Once last question re snort. If I have the IPS policy set to Connectivity or Balanced and "Block Offenders" disabled does that make Snort just a logger or is it still protecting against the IPS policy chosen?
                Thanks!

                Dell Optiplex 390 Pfsense 2.2 / Asus AC56U Wireless AP / Asus Switch

                1 Reply Last reply Reply Quote 0
                • BBcan177B
                  BBcan177 Moderator
                  last edited by

                  @wbennett77:

                  Thanks BBcan177,
                  Once last question re snort. If I have the IPS policy set to Connectivity or Balanced and "Block Offenders" disabled does that make Snort just a logger or is it still protecting against the IPS policy chosen?
                  Thanks!

                  You have to enable "Blocking" for it to actually Protect your network. or its just going to Alert only.

                  I suggest "Block Offenders", "Kill States" and "Block Both"

                  "Experience is something you don't get until just after you need it."

                  Website: http://pfBlockerNG.com
                  Twitter: @BBcan177  #pfBlockerNG
                  Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.