On Sun, Jun 12, 2016 at 7:32 PM, compdoc <comp...@hotrodpc.com> wrote:
>
> I've never tried suricata so I can't say if it's better, but snort works
> pretty well. There is one problem with snort, however. It can watch incoming
> traffic as well as outgoing traffic.
>
> But when snort watches outgoing traffic, it flags and blocks almost
> everything. That's too much trouble for me, so I have snort set up to only
> watch incoming traffic.
>
> Even then, you will have to watch the alert and blocked lists to make sure
> it doesn't block sites you need. That doesn't happen too often, though.
>
> When it does happen, you just click to add those rules to the suppress list
> and remove the IP addresses from the blocked list.

How do you have Snort configured to differentiate between incoming and
outgoing traffic?

_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold