Snort 3.0
-
Hi, can we have support for snort 3.0 in pfsense 2.3?
-
When it hits release or at earliest when the RCs come out.
-
Yeah, things don't get in pfSense until they are in the FreeBSD ports tree. Right now Snort 2.9.8.0 is current in FreeBSD ports. They likely won't take Snort 3.0 in the ports tree until it goes at least to Release Candidate status.
Snort on pfSense 2.3-BETA has been updated to the 2.9.8.0 binary. I will see about bumping the binary version for pfSense 2.2.x users as well.
Bill
-
Hopefully, in response to CVE-2016-1345 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp it will get bumped to 2.9.8.2
-
bmeeks: can we upgrade this? PF 2.3?
-
Hopefully, in response to CVE-2016-1345 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp it will get bumped to 2.9.8.2
Snort on pfSense is NOT compiled with the "–enable-file-inspect" flag, so it should not be vulnerable according to the security bulletin.
Updates to the pfSense binaries for Snort and Suricata only happen after those updates are posted in FreeBSD ports.
Bill
