Snort mailing list archives
RE: Excluding IPs in HOME_NET?
From: SRH-Lists <giermo () 333tech com>
Date: Thu, 3 Jun 2004 11:01:43 -0500
I don't want to run multiple instances of Snort or any other workarounds like that, I just want Snort to globally ignore traffic coming from a few specific IP addresses. Has anyone successfully managed to get this working? Paul Martin Network Technician Hilton Grand Vacations Co. (407) 393-3034 pmartin () hgvc com
Tack a bpf on to the end of your commandline, or create a file with the bpf string in it and refer to it with the -F cmdline option or with the config bpf_file: filters.bpf option in snort.conf. example: snort -c /etc/snort/snort.conf -A fast 'not host 1.2.3.4 and not host 5.6.7.8' -steve ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Excluding IPs in HOME_NET? Harper, Patrick (Jun 03)
- <Possible follow-ups>
- RE: Excluding IPs in HOME_NET? SRH-Lists (Jun 03)
- RE: Excluding IPs in HOME_NET? AJ Butcher, Information Systems and Computing (Jun 04)
- flowbits together with stream4_reassemble question Per Kristian Johnsen (Jun 09)
- RE: Excluding IPs in HOME_NET? AJ Butcher, Information Systems and Computing (Jun 04)