Snort mailing list archives
RE: A little pass rule help
From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Mon, 14 Apr 2003 18:31:17 -0400
10.0.0.0 is not a valid host IP -- it's a network address. So if you want to have the 10.0.0.0 network be the destination of the pass rule, then the rule should look something like: pass ip 10.0.30.4 any -> 10.0.0.0/8 any The second rule should also include a port designator: pass ip 10.0.20.6 any -> any any See if this helps. - Christopher -----Original Message----- From: Keg [mailto:snrtlst () netscape net] Sent: Monday, April 14, 2003 5:14 PM To: snort-users () lists sourceforge net Subject: [Snort-users] A little pass rule help I have 2 pass rules that I placed in local.rules: (snort started with -o) pass ip 10.0.30.4 any -> 10.0.0.0 any pass ip 10.0.20.6 any -> any First should take care of cluster servers broadcasts, second takes care of weird ICMP redirects from Shiva device. Snort cannot be started and it complains about those pass rules, the moment I disable 'em snort is started and it works fine. Is there a syntax problem with those pass rules? Thanks. -- Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/ ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- A little pass rule help Keg (Apr 14)
- Re: A little pass rule help Chris Green (Apr 21)
- <Possible follow-ups>
- RE: A little pass rule help L. Christopher Luther (Apr 14)
- Re: A little pass rule help Keg (Apr 15)
- Re: A little pass rule help Keg (Apr 15)
- RE: A little pass rule help L. Christopher Luther (Apr 15)