SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0002350: Snort rules editor can´t set custom rules to drop - MantisBT
MantisBT - Endian Firewall
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0002350Endian FirewallOther Scriptspublic2009-10-31 15:442010-09-23 15:25
ReporterRenee 
Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusacknowledgedResolutionopen 
PlatformOSOS Version
Product Version2.3 
Target VersionfutureFixed in Version 
Customer Importance
Customer Occurrences
Queue
Summary0002350: Snort rules editor can´t set custom rules to drop
DescriptionI can´t set the custom rules under rules Action to drop the editor ignores the changes when I write the rules set in the config file /var/efw/snort/policies by hand to drop it works and the rules editor show the changes.And if she takes over then to the processed.rules file.
Steps To Reproduce
Additional Information
TagsNo tags attached.
Relationships
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2009-10-31 15:44ReneeNew Issue
2009-11-01 14:21ReneeNote Added: 0003205
2009-11-25 16:08peter-endianNote Added: 0003387
2009-11-25 16:08peter-endianStatusnew => feedback
2009-11-25 16:08peter-endianTarget Version => future
2009-11-25 19:34ReneeNote Added: 0003401
2010-09-23 15:25peter-endianStatusfeedback => acknowledged

Notes
(0003205)
Renee   
2009-11-01 14:21   
I have found one more mistake namely if custom rules were high loaded and the heels with rules SNORT automatically download out is made the existing automatic rules are not written any more in /etc/snort/processed.rules.
(0003387)
peter-endian   
2009-11-25 16:08   
cannot reproduce this.
Can you please explain step by step what exactly you did and what exactly does not work correctly then thereafter?

can it be that you have rules with the same sids as automatically downloaded rules and as custom rules? In this case the automatically downloaded rules will be used.
If you change the setting for one of these rules it will always affect both of them.

can you confirm this?
(0003401)
Renee   
2009-11-25 19:34   
I used the rules from http://www.emergingthreats.net/ [^] and as custom rules the rules set from snort.org when I uploaded the Custom rules the rules have under rules action the policy alert when I would change the rules set to drop the editor ignores the change and the policy are alert again.If I look in the processed.rules the new rules are written but only alert not drop the sids are not the same then when I wrote the custom rules under /var/efw/snort/policies to drop it works the editor show it as drop but I can´t change the set back to alert this goes only under the option editor but I can´t wrote any custom rule only to drop or alert.