Snort mailing list archives
Re: rules in snort inline
From: Joel Esler <jesler () sourcefire com>
Date: Tue, 15 Jun 2010 16:01:31 -0400
On Jun 15, 2010, at 3:52 PM, Nigel Houghton wrote:
On Tue, Jun 15, 2010 at 3:33 PM, black_angel black_angel <black.sad.angel () gmail com> wrote:hey everybody, i try to change all the rules for my snort inline from mode "alert" to "drop" i used this script but it doesn't work correctly: cd /etc/snort_inline/rules/ for file in $(ls -1 *.rules) do sed -e 's:^alert:drop:g' ${file} > ${file}.new mv ${file}.new ${file} -f done if someone have another script or any ideaDon't do that, any of you. There are flowbit rules (the ones that set a flowbit) that should never be set to drop. Use Pulled Pork or Oinkmaster to manage your rules and make changes. That is all.
Yes, and doing the above will also assure to make sure your network ceases to function. -- Joel Esler ------------------------------------------------------------------------------ ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- rules in snort inline black_angel black_angel (Jun 15)
- Re: rules in snort inline JJC (Jun 15)
- Re: rules in snort inline Nigel Houghton (Jun 15)
- Re: rules in snort inline Joel Esler (Jun 15)
- Re: rules in snort inline Paul Schmehl (Jun 15)
- Re: rules in snort inline Joel Esler (Jun 15)
- Re: rules in snort inline Burks, Doug (Jun 15)
- Re: rules in snort inline Crook, Parker (Jun 15)
- Re: rules in snort inline Burks, Doug (Jun 15)
- Re: rules in snort inline Crook, Parker (Jun 15)
- Re: rules in snort inline Tomas Heredia (Jun 15)