Snort mailing list archives
Re: Pass Rule
From: Frank Knobbe <fknobbe () knobbeits com>
Date: 26 Nov 2002 15:49:30 -0600
On Tue, 2002-11-26 at 15:44, Joseph Nuara wrote:
I have it at the top of the rules list local.rules dns.rules and the is still sending the messages. Any other ideas?
hrmpf.... no, not really. When I want to mask rules, I just copy the rule from whatever.rules and paste it into pass.rules, modifying the IP as necessary. I'm still on 1.8.7 though. I could be that there is a bug in the version you are using. If the other IP address is a trusted host, then don't use the content field so that all DNS traffic is passed. Regards, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Pass Rule Joseph Nuara (Nov 26)
- Re: Pass Rule Frank Knobbe (Nov 26)
- Re: Pass Rule Joseph Nuara (Nov 26)
- Re: Pass Rule Frank Knobbe (Nov 26)
- Re: Pass Rule Joseph Nuara (Nov 26)
- Re: Pass Rule Joseph Nuara (Nov 26)
- Re: Pass Rule Matt Kettler (Nov 26)
- Re: Pass Rule Joseph Nuara (Nov 26)
- Re: Pass Rule Erek Adams (Nov 26)
- Re: Pass Rule Frank Knobbe (Nov 26)