Netgate Discussion Forum

    Possible to make Snort block IP on specific interface

      cabal95

      Second related question, is it possible to have Snort block only on the interface it is configured for?

      Our setup: We have public WiFi and staff networks both being handled by our pfSense router. We have Snort set up on the "public wifi" network to be extremely restrictive. This is causing problems because it is blocking the offending IPs for ALL interfaces instead of just the interface it has been configured on.

      Is setting up a second (third, fourth, etc.) pfSense box for every network I want to Snort, so that they do not interfere with each other, my only option, or is there a way to get Snort to only block on the interface it has been configured on?

        fragged

        Snort and IPS/IDS in general are not a turn-on-once-and-leave-it-running kind of solution. You need to assess if the alerts being triggered are false positives or not and add suppress / pass lists based on your needs.
