Snort mailing list archives
Re: Pass rule not passing preprocessors
From: Chris Green <cmg () sourcefire com>
Date: Mon, 21 Apr 2003 09:21:55 -0400
"Always Bishan" <bishan4u () yahoo co uk> writes:
Hi Snorters, I wrote a pass rule which will pass anything coming from one machine. pass tcp 192.168.1.2 -> any any pass icmp 192.168.1.2 -> any any pass udp 192.168.1.2 -> any any
[...]
Now by writing this pass rule I'm able to avoid any alerts from my rules directory, but preprocessors are still generating alerts. Is there anyway to avoid this?
If you want to omit traffic from that machine completely, disable all traffic from it in your bpf filter for snort. snort <command args> not host 192.168.1.2 -- Chris Green <cmg () sourcefire com> To err is human, to moo bovine. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Pass rule not passing preprocessors Always Bishan (Apr 20)
- Re: Pass rule not passing preprocessors Bennett Todd (Apr 20)
- Re: Pass rule not passing preprocessors Chris Green (Apr 21)