Netgate Discussion Forum

    Snort 3.2.6 not saving alert or block list when pfsense is rebooted

    • firewalluser

      Snort 3.2.6 is not saving the alert & block list when pfSense is rebooted. I thought it used to keep this data?

      Remove Blocked Hosts Interval set to Never
      Remove Blocked Hosts After Deinstall unticked/unchecked
      Keep Snort Settings After Deinstall is ticked/checked

      Capitalism, currently The World's best Entertainment Control System and YOU can't buy it! But you can buy this, or some of this or some of these

      Asch Conformity, mainly the blind leading the blind.

      • bmeeks

        Nope, blocks have never been persistent across reboots nor packet filter resets.  Snort hands the IP addresses to block off to the packet filter by stuffing them in a pfSense system table called <snort2c>.  This alias table is recreated from scratch on each reboot of the firewall, so any existing IPs are lost when the table is recreated.  It has always worked this way for both Snort and Suricata.

        Bill

        • firewalluser
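Since the <snort2c> table is rebuilt empty on every reboot, an administrator who wants the block list to survive has to snapshot it and re-add it. The following is an added example, not part of the original posts or of the Snort package. The snapshot path, the function names and the PFCTL override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: snapshot and restore the <snort2c> pf table around a reboot.
# Assumptions (not from the thread): snapshot path, function names, PFCTL override.

TABLE="snort2c"
SNAPSHOT="${SNAPSHOT:-/var/db/snort2c.snapshot}"   # hypothetical location
PFCTL="${PFCTL:-pfctl}"                            # overridable for testing

# Keep only lines that look like an IPv4/IPv6 address or CIDR block, so a
# damaged or tampered snapshot is never fed back into the packet filter.
filter_addrs() {
    sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
        grep -E '^([0-9]{1,3}(\.[0-9]{1,3}){3}|[0-9A-Fa-f:]*:[0-9A-Fa-f:.]*)(/[0-9]{1,3})?$' |
        sort -u
}

# Write the table's current entries to the snapshot file and print the
# number of addresses saved. The rename keeps the snapshot file whole.
save_blocks() {
    tmp="${SNAPSHOT}.tmp.$$"
    $PFCTL -t "$TABLE" -T show 2>/dev/null | filter_addrs > "$tmp"
    mv "$tmp" "$SNAPSHOT"
    wc -l < "$SNAPSHOT" | tr -d ' '
}

# Re-add the saved entries to the freshly recreated table after boot.
restore_blocks() {
    [ -s "$SNAPSHOT" ] || return 0          # nothing saved, nothing to do
    filter_addrs < "$SNAPSHOT" > "${SNAPSHOT}.clean"
    $PFCTL -t "$TABLE" -T add -f "${SNAPSHOT}.clean"
}

case "${1:-}" in
    save)    save_blocks ;;
    restore) restore_blocks ;;
esac
```

Run it with `save` on a schedule and with `restore` once the firewall has finished booting; entries added after the last `save` are still lost.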

          Ok my bad then.
