Snort except block, there is a packet drop feature?

magura · Oct 1, 2015, 9:20 PM

Just automatically discarded illegal packets
I do not want to block SRC OR DST IP
Whether to make?

fragged · Oct 2, 2015, 5:49 AM

Can't be done as Snort can't work in 'inline' mode yet on pfSense.

magura · Oct 5, 2015, 3:00 AM

in-line mode will develop the future? ;D

bmeeks · Oct 5, 2015, 3:39 PM

Yes, there are future plans for in-line mode. Changes are necessary in the pfSense kernel code to fully support this (primarily full support for netmap).

Bill

magura · Oct 6, 2015, 7:27 AM

what pfsense version will be provided. ;D
Thank you

bmeeks · Oct 8, 2015, 8:35 PM

Not yet known. That will be up to the pfSense core developers. I'm just a volunteer package maintainer for Snort and Suricata… :). It has been posted here and elsewhere this is a planned feature, but no specific version/timetable has been given.

Bill