Snort mailing list archives
Better Blocking in Snort for pfSense
From: Daniel Fischer <dfischer () bearspawschool com>
Date: Fri, 31 Jan 2020 13:50:49 -0700
Good day, I hope that I am sending this to the appropriate place. We are looking to contribute financially to some development in the Snort package for pfSense. Bearspaw Christian School currently uses Snort in pfSense with OpenAppID as a tool to ensure students comply with our acceptable use policy for technology. This includes blocking proxy and VPN connections, restricting traffic from certain web browsers, and a few other rules. In this way, we aren't so much using Snort as an IDS so much as using it as a web filter. It has worked very well for this and routinely identifies traffic correctly. However, Snort's method of blocking is a bit too heavy handed for what we need. We don't want to block an IP for 15 minutes, we just want to block the traffic that caused the alert. We are using Snort for this purpose because OpenAppID is very good at identifying the traffic we don't want. We considered Suricata which has this type of blocking, but it does not support OpenAppID. We are unable to use another solution which relies on SSL inspection, because we already use a cloud-based filtering solution doing SSL inspection, and to have two devices doing this creates problems. To that end, I am writing this email to see if someone could tell me how we might go about paying for someone to add the option to have Snort block only offending traffic and not IP addresses. We fully support open source technologies, and would rather spend our money on developing an already excellent tool than on a proprietary firewall device that may still not meet our needs. Thanks for your time, Daniel Fischer Network Administrator Bearspaw Christian School
_______________________________________________ Snort-devel mailing list Snort-devel () lists snort org https://lists.snort.org/mailman/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Better Blocking in Snort for pfSense Daniel Fischer (Feb 04)
- Re: Better Blocking in Snort for pfSense Bill - Google Account via Snort-devel (Feb 04)
- Re: Better Blocking in Snort for pfSense B B via Snort-devel (Feb 04)
- Re: Better Blocking in Snort for pfSense Daniel Fischer (Feb 04)
- Re: Better Blocking in Snort for pfSense Bill - Google Account via Snort-devel (Feb 04)