Snort: Clear Pending Changes?

  • Hi,

    If I have hit the Remove all changes to all categories button by accident on a particular interface, but not yet pressed Apply Changes, is there any way I can clear the pending removal?


  • Banned

    Hmmm, like - go away from the page? Or that doesn't work?

  • There will be text file created in /var/run with an extension of ".dirty".  I don't recall the rest of the filename, but I suspect it will have "snort" in the name someplace.  Delete that.  Just do not delete any *.pid files!  The code uses the native function mark_subsystem_dirty() to flag changes.  Other native pfSense code checks files created by that function to see when to display the "apply changes" prompt.

    Of course a firewall reboot will also clear the message, but simply deleting the file will fix it without a reboot.


  • Brilliant, a firewall reboot dealt with it.  Navigating away did not remove the dirty file.  Might be useful if there were some sort of 'purge' facility available for handling unwanted pending changes.


Log in to reply