Snort mailing list archives

White listing not performing as expected


From: Tommie Giles <tgiles () gmail com>
Date: Mon, 12 Oct 2009 09:41:00 -0500

Morning, all.

I have a device on my network that I'm endeavoring to white list.
However, it stubbornly refuses to follow my directives and I keep
getting alerts on it. Running 2.8.4.1 (Build 38). Everything else
seems to be configured normally, just this one thing is a thorn in my
side on this device. Here's the relevant configuration bits from
snort:


[snort.conf]

var $HOME_NET
10.199.0.0/25

[threshold.conf]

suppress gen_id 1, sig_id 1, track by_dst, ip 10.199.0.115
suppress gen_id 1, sig_id 1, track by_src, ip 10.199.0.115

[excludes.conf, where I'm using BPF filters to exclude some traffic, like this]

and not (src host 10.199.0.115)

I do have the IP listed twice more in other blocks in my BPF excludes
(all exclusions), but otherwise this is the majority of the
configuration relevant to the device.

Thanks for any input on this.

Cheers,

tom


-- 
Tommie Giles

"If all else fails, immortality can always be assured by spectacular error."
