3. Snort 3.2.6 not saving alert or block list when pfsense is rebooted

Snort 3.2.6 not saving alert or block list when pfsense is rebooted

  • F

    Snort 3.2.6 is not saving the alert & block list when pfsense is rebooted, I thought it used to keep this data?

    Remove Blocked Hosts Interval set to Never
    Remove Blocked Hosts After Deinstall unticked/unchecked
    Keep Snort Settings After Deinstall is ticked/checked

    0

  • Nope, blocks have never been persistent across reboots nor packet filter resets.  Snort hands the IP addresses to block off to the packet filter by stuffing them in a pfSense system table called <snort2c>.  This alias table is recreated from scratch on each reboot of the firewall, so any existing IPs are lost when the table is recreated.  It has always worked this way for both Snort and Suricata.

    Bill</snort2c>

    0
  • F

    Ok my bad then.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy