Snort does not support aliases containing FQDN
Snort does not support aliases containing FQDN. The pass list in snort's settings has a list which points to a system-wide alias which contains 100+ FQDN entries and snort seems not to be able to use it saying:
FQDN aliases are not supported in Snort.
By being so, users are forced to maintain IP addresses or IP ranges in their already light-years long aliases, or worst, disable the triggering rules in snort, therefore mining the effectiveness of the snort application.
#1 Updated by Kill Bill almost 3 years ago
Reading this would help to understand why it's not supported.