Snort mailing list archives

Re: /var/log/snort/some.ip.addr.dir/ permissions problem


From: ipwitch <ipwitch () unixcluster dk>
Date: Fri, 11 Apr 2003 01:45:05 +0200


On Friday 11 April 2003 00:08, David Alonso De La Vega Tapage wrote:
> To ignore ALL ICMP traffic from host <foo> using a pass rule:
>
>       pass icmp <foo> any -> $HOME_NET any
>
> And you _MUST_ start snort with the '-o' parameter for the pass rule to
> work correctly.
>
>
> Where is the place to put this rule? Inside the snort.conf file, or in
> another, separate file?

rules.local
Check the bottom of snort.conf; there you can see which files snort reads
rules from...

- -- 
public key: http://unixcluster.dk/public.asc
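The check discussed in this thread (list the rule files that snort.conf includes, then confirm that any pass rule in them is paired with the '-o' start-up option), as an added example that is not part of the original message. The config text, file names, host address and sid are constructed samples.

```python
import re

# Constructed sample inputs (not from the thread): a snort.conf and its rule files.
SNORT_CONF = """\
var HOME_NET 192.168.1.0/24
var RULE_PATH ./rules
# include $RULE_PATH/disabled.rules
include classification.config
include $RULE_PATH/icmp.rules
include $RULE_PATH/local.rules
"""
RULE_FILES = {
    "./rules/icmp.rules": 'alert icmp any any -> $HOME_NET any (msg:"ICMP PING"; sid:1000001;)\n',
    "./rules/local.rules": "# site-specific rules\npass icmp 192.0.2.10 any -> $HOME_NET any\n",
}

def included_files(conf_text):
    """Return the files named on 'include' lines, with $VAR references expanded."""
    variables, files = {}, []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blank lines
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0] == "var":
            variables[parts[1]] = parts[2]
        elif len(parts) >= 2 and parts[0] == "include":
            files.append(re.sub(r"\$(\w+)", lambda m: variables.get(m.group(1), m.group(0)), parts[1]))
    return files

def pass_rules(conf_text, rule_files):
    """Return (file, line number, rule) for each pass rule in the included files."""
    found = []
    for path in included_files(conf_text):
        for n, line in enumerate(rule_files.get(path, "").splitlines(), 1):
            if line.strip().startswith("pass "):
                found.append((path, n, line.strip()))
    return found

def check(conf_text, rule_files, snort_args):
    """Return (pass rules, ok); ok is False when pass rules load without '-o'."""
    hits = pass_rules(conf_text, rule_files)
    return hits, (not hits) or "-o" in snort_args

if __name__ == "__main__":
    hits, ok = check(SNORT_CONF, RULE_FILES, ["-c", "snort.conf", "-D"])
    for path, n, rule in hits:
        print(f"{path}:{n}: {rule}")
    print("ordering OK" if ok else "pass rules present but '-o' missing")
```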


