Greetings to community,
I’ve configured pfblocker-ng in pfsense 2.5.0 version . Blocked many social networking, streaming and some other categories as well it is working fine , but some users installed vpn app in there system / phones to bypass that restriction. I’ve installed snort and enable appID as well. When I enable block offender it start to block every one in network . I’ve added my system ip into passlist to avoid blocking by snort rules selected as below
emerging-scan.rules <== ET open snort_indicator-scan.rules <=== ET_text vpn_tunnel <== appID
Home Net : seletected the default
and Which IP to block set to : Dst
My only goal with snort is to block vpn tunnels , I know it wont work out 100% but it will be fine to save some of my bandwidth .