Topic: Broken?

bdgisme
Broken?
« on: April 17, 2009, 10:54:08 pm »
I realize many of these packages are in alpha/beta, but I'm wondering if others are having the same experiences I am.
I'm running 1.2.2.

Snort detects intrusion attempts, but, with the block offenders option selected, nothing ever gets blocked.  When I add the new dashboard, and add snort, I see the intrusion attempts, but they never get blocked.  Am I not understanding how this is supposed to work?  I've used snort on other systems in the past and it did work (block hosts).

NUT is always stuck "NUT is enabled, however the service is not running!"  I've tried things I read in forums, but it still has problems.  Suggestions?

IMSpector does nothing.  I have it monitoring all local interfaces, all protocols, I enabled logging, and I watch users chat and the logs stay empty.  Suggestions?

HTTP Antivirus.  This seems like a nice feature, but it simply isn't working.  I'm looking for transparent virus filtering of http traffic.  Thought this would be a simple solution.  The EICAR test virus gets through.

Is it just me or have others had these problems?  These are some key features I'm looking for.

Thanks...


bdgisme
Re: SNORT Broken?
« Reply #1 on: May 03, 2009, 09:33:21 pm »
I'm bumping this and going to narrow it down to snort.
I'm not able to get snort to block offending hosts.
Snort is running, and under the alerts tab, I see alerts.
I've used grc.com and www.testmyids.com.
Both sites generate a snort alert.
On the settings page, I have the Block Offenders option checked.
This option is described as "Checking this option will automatically block hosts that generate a snort alert."
I have an Oinkmaster code entered.
I have all categories selected.
Rules update successfully.
But, under the blocked tab, there are never any hosts listed.
And I can continue to access sites that (as I understand) should be blocked.
Suggestions?  Am I not understanding something?  Any assistance would be greatly appreciated.