Important

Netgate is offering COVID-19 aid for pfSense software users, learn more.

Snort Rules

Rules

Use the Rules tab for the interface to configure individual rules in the enabled categories. Generally this page is only used to disable particular rules that may be generating too many false positives in a network environment. Be sure they are in fact truly false positives before taking the step of disabling a Snort rule!

Select a rules category from the Category: drop-down to view all the assigned rules. Click the fa-check-circle or fa-check-circle-o icon at the far-left of a row to toggle the rule’s state from enabled to disabled, or click fa-times-circle or fa-times-circle-o to toggle from disabled to enabled. The icon will change to indicate the state of the rule. At the top of the rule list is a legend showing the icons used to indicate the current state of a rule.

../../_images/snortrulesenabledisable.png ../../_images/snortrulesenabledisable2.png