pfSense & Snort

Posted: June 21st, 2016 | Filed under: FreeBSD, pfSense, Snort

pfSense has an option to install Snort via the package manager. Snort tells you what kind of attack is coming, which can be a bit of information overload. However, pfSense’s Snort GUI is quite intuitive, and you can pick and choose which kinds of rules interest you.

While setting up Snort, I discovered that pfSense’s default sizes for the /tmp and /var directories are too small for Snort’s various rule sources. As a result, the download of the Snort rules fails partway through (the Snort tar.gz can be over 32MB).

The fix is really simple:

Go to System -> Advanced -> Miscellaneous and change the /tmp and /var settings. I have set mine to 64MB; the default is 32MB. Click “Save”. It will restart. Now try downloading the Snort rules; it will work great!

Simple! 🙂
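
A pre-flight check for the failure described above, as an added example that is not part of the original post: it reads `df -Pk` output and lists which of /tmp and /var have less free space than a required size. The function name `small_mounts`, the 40 MB threshold and the sample df output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag mount points whose free
# space is below a required size. It reads `df -Pk` output on stdin, so it
# can be run against captured output as well as a live system.

# small_mounts NEED_MB MOUNT...
# Prints "<mount> <free MB>" for each listed mount with less than NEED_MB free.
small_mounts() {
    need_kb=$(( $1 * 1024 ))
    shift
    awk -v need="$need_kb" -v wanted="$*" '
        BEGIN { n = split(wanted, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        NR == 1 { next }                      # skip the df header line
        ($6 in want) && ($4 + 0 < need) {     # $4 = available KB, $6 = mount point
            printf "%s %d\n", $6, $4 / 1024
        }
    '
}

# Constructed sample of `df -Pk` output (not captured from a real system).
SAMPLE_DF='Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/ufsid/abc 7000000 900000 5500000 15% /
/dev/md0 31000 2000 29000 7% /tmp
/dev/md1 62000 20000 42000 33% /var'

# 40 MB is an assumed threshold: room for a rules tar.gz of "over 32MB".
printf '%s\n' "$SAMPLE_DF" | small_mounts 40 /tmp /var

# On a live system: df -Pk | small_mounts 40 /tmp /var
```

Any line printed names a mount point that is too small for the rules download at the chosen threshold; no output means both have room.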
