Access the Pfsense System menu and select the Package manager option.
On the package manager screen, access the Available packages tab.
On the Available packages tab, search for SNORT and install the Snort package.
In our example, we installed the Snort package version 22.214.171.124.
Wait the Snort installation to finish.
Access the Pfsense Services menu and select the Snort option.
On the Global settings tab, locate the Snort Subscriber Rules and perform the following configuration:
• Enable Snort VRT - Yes
• Snort Oinkmaster Code - Enter you OikCode
If you don't have an Oinkcode, access the Snort website, create an account and get a free Oinkcode.
Locate the Rules Update Settings area and perform the following configuration:
• Update Interval - Select the desired update interval
• Update Start Time - Set the desired time to update the Snort rules
Locate the General Settings area and perform the following configuration:
• Remove Blocked Hosts Interval - 1 Hour
• Remove Blocked Hosts After Deinstall - No
• Keep Snort Settings After Deinstall - Yes
• Startup/Shutdown LoggingUpdate Interval - no
On the Updates tab, Click on the Update rules button to download the Snort rules.
On the Snort Interfaces tab, Click on the Add button and perform the following configuration.
• Enable - Yes
• Interface - Select the desired interface to monitor
Locate the Alert Settings area and perform the following configuration:
• Send Alerts to System Log - Yes
• Block Offenders - Enable if you want to block offenders
• Kill States - Yes
• Which IP to Block - BOTH
After finishing the configuration, click on the Save button.
On the Snort interfaces screen, edit the interface configuration.
Access the Wan categories tab and perform the following configuration:
• Resolve Flowbits - Yes
• Use IPS Policy - Yes
• IPS Policy Selection - Connectivity
In our example, we enabled the IPS feature and selected the policy named Connectivity.
After finishing the configuration, click on the Save button and start the Snort service on the interface.
Congratulations! You have finished the Snort installation on a Pfsense server.