An ospf package would be great (don't know if there is a bounty yet though).

I can say that snort is working. I enabled the nmap xmas filter, and asked a friend to nmap my WAN ip address, and got him in the snort logs:

[ ** ] [ 1:1228:8 ] SCAN nmap XMAS [ ** ] 
[ Classification: Attempted Information Leak ] [ Priority: 2 ] 
04/02-23:40:19.256674 A.B.C.D:60949 -> A.B.C.D:237
TCP TTL:39 TOS:0x0 ID:10828 IpLen:20 DgmLen:40
**U*P**F Seq: 0x781204E9 Ack: 0x0 Win: 0x1000 TcpLen: 20 UrgPtr: 0x0
[ Xref => http://www.whitehats.com/info/IDS30 ] 

I have snort running, not snort2c:

# ps aux | grep snort
root   64949  0.0 24.8 66776 30332  ??  Ss   10:00AM   1:58.47 snort -c /usr/local/etc/snort/snort.conf -l /var/log/

And in the status->services page, snort shows as up and running (lowmem mode). Still I wonder if I have updated the signatures or not, but well. It works.

Hi... this is my first post in the forums. I've been using pfSense for over a year and a half by now, and I'm more than pleased with it's performance. Recently I installed snort, and tried to update the attacks signatures, when I came with the following strange issue. The thing is the update never seems to finish, it stays checking the md5 signature. Afterwards, when I retry I get the following message:

"Warning: file_get_contents(http://www.snort.org/pub-bin/downloads.cgi): failed to open stream: HTTP request failed! HTTP/1.1 403 Forbidden in /usr/local/www/snort_download_rules.php on line 98 You last updated the ruleset:   2008-04-02

Your snort rulesets are up to date."

I looked into the snort_download_rules.php file, and the 98th line has:

$text = file_get_contents("http://www.snort.org/pub-bin/downloads.cgi");

Basically, what I'm wondering is if the update was succesful or not 

Any hints will be appreciated. Thanks in advance.