3. Possible to make Snort block IP on specific interface

Possible to make Snort block IP on specific interface

  • C

    Second related question, is it possible to have Snort block only on the interface it is configured for?

    Our setup: We have public WiFi and staff networks both being handled by our pfSense router.  We have Snort setup on the "public wifi" network to be extremely restrictive.  This is causing problems because it is blocking the offending IPs for ALL interfaces instead of just the interface it has been configured on.

    Is setting up a second (third, fourth, etc.) pfSense box for every network I want to Snort my only solution so that they do not interfere with each other my only option, or is there a way to get Snort to only block on the interface it has been configured on?

    0
  • F

    Snort and IPS/IDS in general is not a turn on once and leave it running kind of solution. You need to asses if the alerts being triggered are false positives or not and add suppress / pass lists based on your needs.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy