Snort mailing list archives
Re: Excluding a single IP from HOME_NET
From: Jeff Kell <jeff-kell () utc edu>
Date: Fri, 30 May 2008 09:03:29 -0400
Cees wrote:
(BTW Jeff, a pass rule won't work since the IDS isn't placed inline.)
If you use the pass rule, and run snort with "-o" so pass rules come first, the net effect is that your excluded IP matches the pass rule and no further rules are evaluated on that packet. Doesn't matter if you're inline or not.

Jeff
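An added illustration of the approach described in the message above (not part of the original post or the thread): a local pass rule for one host, loaded with "-o" so it is evaluated before the alert rules. The address 192.0.2.10, the sid, the file paths and the interface name are placeholders assumed for the example.

```snort
# local.rules (constructed example; all values are placeholders)
#
# Pass all IP traffic to or from the single excluded host.
# "<>" makes the rule bidirectional, so it matches whether the
# host appears as source or destination.
# Local rules conventionally use sids of 1000000 and above.
pass ip 192.0.2.10 any <> any any (msg:"LOCAL excluded host"; sid:1000001; rev:1;)

# Load the rule file from snort.conf (path is an assumption):
#   include $RULE_PATH/local.rules
#
# Start Snort with -o so pass rules are applied first, as the
# message describes (config path and interface are assumptions):
#   snort -o -c /etc/snort/snort.conf -i eth0
#
# Scope note: once a packet matches the pass rule, no alert rule
# sees it, so the sensor produces nothing for this host. Narrow
# the rule to a protocol or port if only part of its traffic
# needs to be excluded, for example:
#   pass tcp 192.0.2.10 any <> any 22 (msg:"LOCAL excluded host ssh"; sid:1000002; rev:1;)
```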