Snort/Suricata Suggestion



  • Hello,

    One of the main feature of pfsense is the ability to use aliases, almost everywhere….and its very well done!!

    On firewall:Aliases there is 4 tabs; IP, PORT, URL, ALL

    It would be nice if we could add a 5th tab called: IDS

    On the IDS tab we could create any meta-variables using the $ operator of Snort or Suricata.

    Example : $NTP_SERVERS...

    Any aliases created on this tab could be invoked by IDS rules. That would make Snort and Suricata packages even more accessible, integrate pfsense DNA of aliases and make it even more customizable.

    F.


  • Moderator

    Hi fsansfil,

    This functionality already exists with both Snort and Suricata.

    In each Interface, edit the Interface variables tab (ie "WAN Variables"), and enter a pre-defined pfSense Alias.



  • Hey BBcan,

    I know, its really well done too…

    But just wanted a simple way to add more $ operator with aliases ;)

    F.



  • @fsansfil:

    Hey BBcan,

    I know, its really well done too…

    But just wanted a simple way to add more $ operator with aliases ;)

    F.

    This idea would require changes within the pfSense code itself, and not just the Snort or Suricata package code.

    Bill