Snort mailing list archives

Re: Snort3: builtin rules: how change action?

From: Meridoff via Snort-users <snort-users () lists snort org>
Date: Mon, 10 Dec 2018 13:52:51 +0300

When loading builtin rules In make_rule() I can see hardcoded "alert"
action and other header fields (tcp any/any) hardcoded too..
Is it supposed to be changed in future? So that header fields of builiin
rules can be changed?

Version - master.

пн, 10 дек. 2018 г. в 13:41, Meridoff <oagvozd () gmail com>:

Hello, with --dump-builtin-rules I can see builtin rules, which all have
'alert' action.

How I can change action of such rules (for example to 'drop' in inline
mode) ?

Thanks for attention

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Current thread:

Snort3: builtin rules: how change action? Meridoff via Snort-users (Dec 10)
- Re: Snort3: builtin rules: how change action? Meridoff via Snort-users (Dec 10)
  - Re: Snort3: builtin rules: how change action? Victor Roemer via Snort-users (Dec 18)
- Re: Snort3: builtin rules: how change action? Bethel Chiguware via Snort-users (Dec 10)