Snort mailing list archives
Help! An error about "reject" action with build261
From: sofardware via Snort-users <snort-users () lists snort org>
Date: Wed, 16 Oct 2019 15:36:28 +0800 (CST)
Hi all, I start snort(build261) failed with reject = { } in snort.lua, and the error is as follow . But it can be done successfully with snort version of build 250. The error is as follow: FATAL: Active response: can't open Fatal Error, Quitting.. After my debuging , I found when add the follow config to snort.lua can resolve the above erro with reject = {}: active = { attempts = 2, device = "eth0", dst_mac = "00:06:76:DD:5F:E3", } The snort3_manual says:dst_mac will change response destination MAC address, if the device is eth0, eth1, eth2 etc. Otherwise, response destination MAC address is derived from packet. What is more important, I do not want to set a fixed MAC address rather than want the response destination MAC address is derived from packet. So How to resolve it? Another question, what is difference between reject and reset as rule action ?
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Current thread:
- Re: snort3_build261 cannot work with nfq Re:Re: Help! A critical error in appid, but not occur every time。, (continued)
- Re: snort3_build261 cannot work with nfq Re:Re: Help! A critical error in appid, but not occur every time。 Michael Altizer (mialtize) via Snort-users (Oct 09)
- Help!!! snort_build261 can not reload config successfully with daq in nfq sofardware via Snort-users (Oct 09)
- Help please!!! snort_build261 can not reload config successfully with daq in nfq sofardware via Snort-users (Oct 09)
- Re: Help please!!! snort_build261 can not reload config successfully with daq in nfq Russ Combs (rucombs) via Snort-users (Oct 09)
- Re: Help please!!! snort_build261 can not reload config successfully with daq in nfq sofardware via Snort-users (Oct 09)
- Re: Help please!!! snort_build261 can not reload config successfully with daq in nfq sofardware via Snort-users (Oct 09)
- Re: Help please!!! snort_build261 can not reload config successfully with daq in nfq sofardware via Snort-users (Oct 10)
- Re: Help please!!! snort_build261 can not reload config successfully with daq in nfq Michael Altizer (mialtize) via Snort-users (Oct 10)
- Re: Help please!!! snort_build261 can not reload config successfully with daq in nfq Michael Altizer (mialtize) via Snort-users (Oct 11)
- new Help please!!! snort_build261 appid can not identify http sofardware via Snort-users (Oct 12)
- Help! An error about "reject" action with build261 sofardware via Snort-users (Oct 16)
- Re: Help! An error about "reject" action with build261 Meridoff via Snort-users (Oct 16)
- Re: Help! An error about "reject" action with build261 sofardware via Snort-users (Oct 16)
- Re: snort3_build261 cannot work with nfq Re:Re: Help! A critical error in appid, but not occur every time。 sofardware via Snort-users (Oct 10)
- Re: snort3_build261 cannot work with nfq Re:Re: Help! A critical error in appid, but not occur every time。 Michael Altizer (mialtize) via Snort-users (Oct 11)