Re: Stopping particular rules

["GeEk" <koolman () visi0n net>]

Like Joe said you need you're -o option to get the custom ICMP rule you
created to work (because the -o option make pass rules take presidence) .
Also not all of the rules pertaning to ICMP are in the some are in
misc.rules and info.rules




-- 
LinSys

-----

When you die and your life flashes before your eyes does
that include the part where your life flashes before your
eyes?

-----

On Mon, 25 Jun 2001, Joe McAlerney wrote:

> Hello Bennett,
>
> I'm not sure why you are still seeing them when the includes are
> commented out.  Perhaps there are some hidden in other .rules files like
> Kiira said.  As far as your pass rule, you must use -o to change the
> rule ordering, or the "alert" icmp rules will take precedence.
>
> Happy Snorting,
>
> -Joe M.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users