Project

General

Profile

Actions
Copy link

Bug #3850

closed

Snort "add a new interface based on this" creates a bad configuration

Added by Braden Del More over 11 years ago. Updated almost 11 years ago.

Status:
Resolved
Priority:
Low
Assignee:
-
Category:
Snort
Target version:
-
Start date:
09/06/2014
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
2.1.x
Affected Plus Version:
Affected Architecture:
amd64

Description

pfSense 2.1.5-RELEASE (amd64)
Snort 2.9.6.2 pkg v3.1.2

Using the "add a new interface based on this one" button causes the new interface to inherit the same -R argument to the snort command. This results in bad behaviour when shutting down/starting up.

For example, when starting cold, the first interface starts fine, but the next (created based on the first) is issued a soft restart for process that doesn't exist.

SnortStartup64120: Snort STOP WAN
SnortStartup6135: Snort SOFT RESTART for WAN2...

The workaround is to destroy the cloned interface and manually re-create it, and then everything is fine.

Actions
Copy link
 #1

Updated by Braden Del More over 11 years ago

Apologies for not using /pre in my previous message.

SnortStartup[64120]: Snort STOP WAN(8409_ig2)
SnortStartup[6135]: Snort SOFT RESTART for WAN2(8409_ig2)
Actions
Copy link
 #2

Updated by Bill Meeks over 11 years ago

I am a volunteer maintainer for the Snort package on pfSense. Thank you for reporting this bug. It will be corrected in the next Snort package update.

Bill

Actions
Copy link
 #3

Updated by Chris Buechler about 11 years ago

  • Status changed from New to Feedback

Bill: was this fixed?

Actions
Copy link
 #4

Updated by Renato Botelho almost 11 years ago

  • Status changed from Feedback to Resolved

It was fixed

Actions
Copy link

Also available in: Atom PDF