Hi Andreas, > After configuring packet fence to be used with snort, we've detected > that the rogue DHCP violations are sent even if they're disabled. > Is there any way to add the MAC address of the PF server as whitelisted? > > Tried adding the category of the node to be whitelisted without succeed. > Rogue DHCP was (before our next release) treated a bit differently than regular violation types. This will be fixed in 3.1.
However, what you want to do here instead of whitelisting PF's MAC or whitelisting it's category is to add all your genuine DHCP Server IP addresses to the dhcpservers= list in pf.conf under [general]. Restart your pfdhcplisteners after the change. Let us know if it fixes it. Cheers! -- Olivier Bilodeau [email protected] :: +1.514.447.4918 *115 :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ Learn Windows Azure Live! Tuesday, Dec 13, 2011 Microsoft is holding a special Learn Windows Azure training event for developers. It will provide a great way to learn Windows Azure and what it provides. You can attend the event by watching it streamed LIVE online. Learn more at http://p.sf.net/sfu/ms-windowsazure _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
