Martin,

>From: Martin Månsson [mailto:m...@bib.sdu.dk] 
>Sent: Tuesday, 24 May 2011 8:01 PM
>To: support@pfsense.com
>Subject: [pfSense Support] Snort and pfsense
>
>I'm using pfSense 2.0 rc2 and have a question regarding snort.
>
>When snort generates a block, is there any option to only block that one
>service, and not the host entirely?
>I have enabled the p2p rules and block offenders. When I start bittorrent on a
>host, that host loses every connection to the outside world.
>I just want that one service to be blocked.

What you are looking to do is Layer 7 filtering, not intrusion detection (which
is what Snort is designed for). You can do this in pfSense 2.0 under Firewall
-> Traffic Shaper -> Layer 7.

It's pretty self-explanatory when you are adding an L7 rules group: just add
the protocols you want to block and make sure the container is enabled. You
then need to create a firewall rule to choose what traffic you would like the
L7 rule to apply to.


>
>Best regards
>
>Martin Månsson

Cheers,

Daniel Davis
