Snort mailing list archives
Re: Compiling snort for CheckPoint Firewall-1 support
From: Frank Knobbe <frank () knobbe us>
Date: Fri, 12 May 2006 06:55:02 -0500
On Fri, 2006-05-12 at 11:00 +0200, carlopmart wrote:
Yes, correct, but I need to modify snort rules by hand if I want to block some connections with snortsam (and if I launch the process to update snort rules, they are overwritten and I lose my changes). I need to block connections immediately using snort rules and custom rules.
You can create a sid-block.map file instead of modifying rules. See README.rules:

---8<---
Instead of modifying the Snort rules, you can also create a file named sid-block.map which has to be in the same directory as Snort's sid-msg.map file (typically etc). In this file you can list the fwsam option using following syntax:

<sid>:<option>

For example:

1023: src, 15 min

Alternatively, you may use a | (pipe) instead of a : (colon).

This has the same effect as adding "fwsam: src, 15min;" to the Snort rule with SID 1023. You can specify options in both places (rules and sid-block.map file), but the sid file takes priority. The file has to be in the same directory as the other Snort config files (ie. sid-msg.map).
--->8---

Regards,
Frank

--
It is said that the Internet is a public utility. As such, it is best compared to a sewer. A big, fat pipe with a bunch of crap sloshing against your ports.
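An added example, not part of the original message or of Snortsam's own code: a Python check that parses a sid-block.map and reports which fwsam option is in force for each rule SID, with the map file taking priority as the README excerpt describes. The sample map and rules are constructed; treating `#` lines as comments and the function names are assumptions of this example.

```python
import re

# Constructed sample input; only the 1023 entry comes from the README excerpt.
SID_BLOCK_MAP = """\
# '#' comment lines are an assumption of this example
1023: src, 15 min
2003|src, 30 min
not-a-sid: src, 5 min
"""

# Constructed rules as they might look after an automated rule update:
# 1023 carries no fwsam option, 2003 carries one inline, 3001 has none at all.
RULES = """\
alert tcp any any -> any 80 (msg:"constructed A"; sid:1023; rev:1;)
alert tcp any any -> any 25 (msg:"constructed B"; fwsam: src, 5min; sid:2003; rev:1;)
alert tcp any any -> any 22 (msg:"constructed C"; sid:3001; rev:1;)
"""

MAP_ENTRY = re.compile(r"^(\d+)\s*[:|]\s*(\S.*)$")   # <sid>:<option> or <sid>|<option>
RULE_SID = re.compile(r"\bsid:\s*(\d+)\s*;")
RULE_FWSAM = re.compile(r"\bfwsam:\s*([^;]+);")

def parse_sid_block_map(text):
    """Return ({sid: option}, [line numbers that are not <sid>:<option>])."""
    entries, bad = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = MAP_ENTRY.match(line)
        if m:
            entries[int(m.group(1))] = m.group(2).strip()
        else:
            bad.append(n)
    return entries, bad

def effective_blocks(rules_text, entries):
    """Map each rule SID to the fwsam option in force; the map file wins."""
    result = {}
    for line in rules_text.splitlines():
        sid = RULE_SID.search(line)
        if not sid:
            continue
        inline = RULE_FWSAM.search(line)
        inline_opt = inline.group(1).strip() if inline else None
        result[int(sid.group(1))] = entries.get(int(sid.group(1)), inline_opt)
    return result
```

A SID that maps to `None` has no blocking action from either source, and any line number returned in the second element of `parse_sid_block_map` should be fixed before relying on the file.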