Snort mailing list archives
Rule header variables
From: "Jim Schwin" <jims () darbygroup com>
Date: Wed, 22 Jan 2003 18:48:50 -0500
Hello All, Can a rule header specify all traffic except a few subnets or hosts? In this example can the source have variables to exclude a few subnets or hosts? alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"GAMBLING GAMES";content:"GAMBLING"; nocase; flow:to_client,established; sid:20000; rev:1000;) thanks js
Current thread:
- Rule header variables Jim Schwin (Jan 22)
- Re: Rule header variables Erick Mechler (Jan 22)
- <Possible follow-ups>
- Re: Rule header variables Matt Kettler (Jan 22)
- Re: Rule header variables Erick Mechler (Jan 22)
- Re: Rule header variables Matt Kettler (Jan 22)
- HTML E-Mail Rule Mike Koponick (Jan 22)
- Re: HTML E-Mail Rule Matt Kettler (Jan 22)
- RE: HTML E-Mail Rule Gordon Cunningham (Jan 22)
- Re: Rule header variables Erick Mechler (Jan 22)