Snort pkg v3.2.9 Update Release Notes

    This release updates the Snort binary to v2.9.7.6 and the pfSense GUI package to v3.2.9.  This update adds support for two new HTTP_INSPECT options and enables logging of IPv6 addresses in Unified2 logs as extra-data.  There are four minor bug fixes included with this update.

    Note:  Other than required bug fixes, I plan on not making changes to GUI functionality within Snort during the period I am porting the package to the new pfSense 2.3 Bootstrap code.  There are some additional GUI features I want to add in the areas of custom rules and OpenAppID, but I need to freeze the GUI for a bit while porting to Bootstrap.

    New Features

    • Added support for the decompress_swf and decompress_pdf options for the HTTP_INSPECT preprocessor.  These options decompress Shockwave Flash and Adobe PDF files so they can be further inspected.  The new settings are available on the HTTP_INSPECT Engines dialog on the PREPROCESSORS tab.

    • IPv6 addresses are now logged in the extra-data segment when Unified2 log output is enabled with Barnyard2.

    Bug Fixes

    • Tidy up output messages displayed during package installation and during rule updates.

    • Add two missing OpenAppID folders and a default file to prevent warning messages when starting up with OpenAppID enabled.

    • When editing HTTP_INSPECT, FRAG3, STREAM5, FTP_SERVER or FTP_CLIENT engines on the PREPROCESSORS tab, there is no prompt to apply the change to the running configuration when returning from the engine dialog page on the PREPROCESSORS tab.

    • Add code to prevent the /usr/local/etc/rc.d shell script for Snort from processing a RESTART command while a package START command is still in progress.


  • Thank you for the Snort upgrade package, but I've noticed a problem.  After upgrading to 3.2.9, SNORT has disappeared from the GUI.

    The SNORT package shows as installed, but when checking under Services, there is no SNORT menu item.  Likewise, under Status > Dashboard > Services Status, SNORT doesn't show.

    I have upgraded the SNORT GUI, just in case that was the problem.  I have also rebooted the firewall.  Are there any suggestions about what to try next, or how to troubleshoot?

    Just for the record, I also upgraded Notes and AutoConfigBackup at the same time.  They seem to be working.

    Yeah. Reinstall the package.

  • Reinstall worked.  One of the interfaces did not come back up immediately, but I was able to restart it.

    <update>  On my second site, the upgrade worked perfectly.  <end update>  Thank you.

