Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort supress list

    Scheduled Pinned Locked Moved IDS/IPS
    6 Posts 3 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      Kryptos1
      last edited by

      Can anyone post the command to use for adding an IP to Snort's supress list? Where are the suppress lists stored?

      1 Reply Last reply Reply Quote 0
      • MikeV7896M
        MikeV7896
        last edited by

        @Kryptos1:

        Can anyone post the command to use for adding an IP to Snort's supress list? Where are the suppress lists stored?

        That would be a great question for the IDS/IPS forum…

        The S in IOT stands for Security

        1 Reply Last reply Reply Quote 0
        • K
          Kryptos1
          last edited by

          Id like to add the commands to these cheat sheets.

          Defense_Pfsense_CMDs02_[2550x1650].png_thumb
          Defense_Pfsense_CMDs02_[2550x1650].png
          Defense_Pfsense_CMDs01_[2550x1650].png_thumb
          Defense_Pfsense_Log_Format01_[2550x1650].png
          Defense_Pfsense_CMDs01_[2550x1650].png
          Defense_Pfsense_Log_Format01_[2550x1650].png_thumb

          1 Reply Last reply Reply Quote 0
          • bmeeksB
            bmeeks
            last edited by

            @Kryptos1:

            Can anyone post the command to use for adding an IP to Snort's supress list? Where are the suppress lists stored?

            The suppress list is a text file stored in a sub-directory unique to the interface.  There is no API for adding to the list from a third-party application.  There are icons on the ALERTS tab that can be clicked, and those icons will execute some PHP code that adds an IP to the list for the interface.

            Bill

            1 Reply Last reply Reply Quote 0
            • K
              Kryptos1
              last edited by

              Hello Bill,

              Thank you for the reply. I found where the snort configuration files were. If someone modifies the suppress list texts with a text editor, what would be the command to restart/reload snort so that text file is reread and loaded? I'm trying to learn and document all the commands necessary to manage snort/pfsense remotely over ssh.

              Chris

              1 Reply Last reply Reply Quote 0
              • bmeeksB
                bmeeks
                last edited by

                @Kryptos1:

                Hello Bill,

                Thank you for the reply. I found where the snort configuration files were. If someone modifies the suppress list texts with a text editor, what would be the command to restart/reload snort so that text file is reread and loaded? I'm trying to learn and document all the commands necessary to manage snort/pfsense remotely over ssh.

                Chris

                There is a shell script (/usr/local/etc/rc.d/snort.sh) that you can execute to restart Snort. Just call that script with one of these arguments:  start, stop or restart.  I suspect restart is the one you want to use.  The shell script will impact all of the configured Snort interfaces.

                Bill

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.