Feature #6831
open
Snort does not support aliases containing FQDN
Description
Snort does not support aliases containing FQDN. The pass list in Snort's settings has a list which points to a system-wide alias which contains 100+ FQDN entries, and Snort seems not to be able to use it, saying:
FQDN aliases are not supported in Snort.
This being so, users are forced to maintain IP addresses or IP ranges in their already light-years long aliases, or worse, disable the triggering rules in Snort, therefore undermining the effectiveness of the Snort application.
Updated by Kill Bill about 8 years ago
Reading this would help to understand why it's not supported.
https://forum.pfsense.org/index.php?topic=87211.msg514703#msg514703
Updated by Renato Botelho almost 8 years ago
- Priority changed from High to Normal
- Target version deleted (2.4.0)
Keeping it open for reference, but I'm not sure if Bill Meeks will implement it based on his comments on the forum thread linked above.
Updated by Viktor Gurov over 4 years ago
It can be a one-time name resolution, like HAProxy ACL (network/url/urltable aliases); see #9793 for example.