[Feature Request] Snort Blocked Hosts Page



  • Hello,

    First and foremost I'd just like to say thanks to all the hard work that's been put into this fantastic platform, I absolutely love it!

    In my general use of pfSense I've noticed occasional situations where I think there could be some useful additions to the interface or view.  For example one primary tool that I take advantage of in pfSense is Snort.  When reviewing triggered events it's convenient to have a quick view at the blocked list which could display both the offending external & affected internal hosts rather than sifting through the alerts tab trying to match timestamps.

    If you're snort interface is configured to block offending hosts it would be nice to see which internal machine was talking to the offending host when the event was triggered.  Obviously this wouldn't affect the WAN interface but I have another snort LAN interface which monitors several VLans - it would be great to see the "blocked" tab with a similar view as the "Alerts" tab in the sense it shows the host which triggered the rule.

    In addition to the blocked tab view it would be great to have an optional shortcut button to whitelist an offending IP, I wouldn't want this too easily accessible but maybe a button with an additional prompt saying ARE YOU SURE?  An example of needing this is using an EXE block rule but still wanting to allow specific websites to perform updates and downloads - just convenience.  There are several scenarios but this was one that I came across.

    Thanks again,
    JStyle


Log in to reply