Snort pkg v3.2.9 Update Release Notes
-
Snort 2.9.7.6 pkg v3.2.9 Release Notes
This release updates the Snort binary to v2.9.7.6 and the pfSense GUI package to v3.2.9. This update adds support for two new HTTP_INSPECT options and enables logging of IPv6 addresses in Unified2 logs as extra-data. There are four minor bug fixes included with this update.
Note: Other than required bug fixes, I plan on not making changes to GUI functionality within Snort during the period I am porting the package to the new pfSense 2.3 Bootstrap code. There are some additional GUI features I want to add in the areas of custom rules and OpenAppID, but I need to freeze the GUI for a bit while porting to Bootstrap.
New Features
-
Added support for the decompress_swf and decompress_pdf options for the HTTP_INSPECT preprocessor. These options decompress Shockwave Flash and Adobe PDF files so they can be further inspected. The new settings are available on the HTTP_INSPECT Engines dialog on the PREPROCESSORS tab.
-
IPv6 addresses are now logged in the extra-data segment when Unified2 log output is enabled with Barnyard2.
Bug Fixes
-
Tidy up output messages displayed during package installation and during rule updates.
-
Add two missing OpenAppID folders and a default file to prevent warning messages when starting up with OpenAppID enabled.
-
When editing HTTP_INSPECT, FRAG3, STREAM5, FTP_SERVER or FTP_CLIENT engines on the PREPROCESSORS tab, there is no prompt to apply the change to the running configuration when returning from the engine dialog page on the PREPROCESSORS tab .
-
Add code to prevent the /usr/local/etc/rc.d shell script for Snort from processing a RESTART command while a package START command is still in progress
Bill
-
-
Thank you for the Snort upgrade package, but I've noticed a problem. After upgrading to 3.2.9, SNORT has disappeared from the GUI.
The SNORT package shows as installed, but when checking under Services, there is no SNORT menu item. Likewise, under Status > Dashboard > Services Status, SNORT doesn't show.
I have upgraded the SNORT GUI, just in case that was the problem. I have also rebooted the firewall. Are there any suggestions about what to try next, or how to troubleshoot?
Just for the record, I also upgraded Notes and AutoConfigBackup at the same time. They seem to be working.
-
Yeah. Reinstall the package.
-
Reinstall worked. One of the interfaces did not come back up immediately, but I was able to restart it.
<update> On my second site, the upgrade worked perfectly. <end update="">Thank you.</end></update>
