>Martin,
>>From: Martin Månsson [mailto:[email protected]]
>>Sent: Tuesday, 24 May 2011 8:01 PM
>>To: [email protected]
>>Subject: [pfSense Support] Snort and pfsense
>>
>>I'm using pfSense 2.0 rc2 and have a question regarding Snort.
>>
>>When Snort generates a block, is there any option to only block that one
>>service, and not the host entirely?
>>I have enabled the p2p rules and block offenders. When I start
>>bittorrent on a host, that host loses every connection to the outside world. I
>>just want that one service to be blocked.

>What you are looking to do is Layer 7 filtering, not intrusion detection
>(which is what Snort is designed for). You can do this in pfSense 2.0 under
>Firewall -> Traffic Shaper -> Layer 7.

>It's pretty self-explanatory when you are adding an L7 rules group: just add
>the protocols you want to block and make sure the container is enabled. You
>then need to create a firewall rule to choose what traffic you would like the
>L7 rule to apply to.

I have tried that but couldn't get anything to block with the p2p rules. I'll have another go at it. Does someone have any pointers?

>>
>>Best regards
>>
>>Martin Månsson

>Cheers,
>Daniel Davis

Best regards
Martin Månsson
