Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - ComputerFreek

Pages: [1]
General Questions / Re: PfSense --> Snort Supress list not working
« on: December 31, 2017, 05:01:49 pm »
Hey NogBadTheBad,

Thanks for the reply. I did what you suggested - and it didn't work... See screen shots. I tried reloading the live data and that didn't fix the issue either. Until......

I restarted the firewall it self.... Do I have an issue with the live data within snort?


General Questions / PfSense --> Snort Supress list not working
« on: December 31, 2017, 06:49:21 am »
Hello Everyone.

Not sure if this is a bug or if I'm doing something wrong. I get a alert which causes a block and I suppress the block and remove the block. But it still blocks the suppression during the next attempt.

See PDF Files for Snort Settings

Current Suppression list:
suppress gen_id 120, sig_id 3
suppress gen_id 120, sig_id 8
suppress gen_id 119, sig_id 32
suppress gen_id 119, sig_id 2
suppress gen_id 137, sig_id 1
suppress gen_id 119, sig_id 4
suppress gen_id 119, sig_id 33
suppress gen_id 120, sig_id 10
suppress gen_id 119, sig_id 7
suppress gen_id 1, sig_id 2013504
suppress gen_id 1, sig_id 2017871
suppress gen_id 1, sig_id 2012648
suppress gen_id 1, sig_id 2013504
suppress gen_id 1, sig_id 2020565
suppress gen_id 1, sig_id 2003311
suppress gen_id 1, sig_id 2018959
suppress gen_id 1, sig_id 2013031

But the 1:2013031 keeps coming back.... Even Stopping Snort does not allow the data to go through. All i'm trying to do is perform a APT-GET within Ubuntu.


Firewalling / Firewall - Port Forwarding and Filtering?
« on: February 02, 2015, 02:53:38 pm »
hello everyone,

I have setup PFSense on a older WatchDog red rackmount router and I was hoping someone could point me in the right direction.

I want to use this router to replace my aging wired netgear router. Currently I have my netgear forwarding port 80 to my homeserver. I know expensive routers can be placed in a leaner mode or only allow certain protocols inbound on a port. Basically I want to only allow HTTPS traffic on port 80 to my internal server. My current netgear router allow ftp, http, https all over 80 if you force the port. I don't want that.

Thank you! Sorry I don't know the correct tech terms for the solution I'm looking for. 

Kyle !

Pages: [1]