So I've been diving into Snort recently on our pfSense. I'm quite happy with the setup I've got going now, and the alerts generated are mostly genuine threats. I'm running this on a WAN and VPNWAN interface. The blacklist is filling up nicely, and for testing purposes the blocked addresses never leave the blacklist automatically. Now, I wanted to test to see if the blocking part is working and devised the following test:
Step 1. Downloaded a remote desktop app on my mobile phone ('cause it uses a public IP address through mobile data).
Step 2. Tried a bunch of MSTSC connections at our VPNWAN interface.
Step 3. Lo and behold, I get noticed and added to the blocklist. So now my cellphone's IP is blocked by Snort.
Step 4. Try connecting the phone to our VPN the normal way, Aaaaaaaaanndddd............... I got connected.
How can I connect with...