Snort mailing list archives

Previous By Date Next
Previous By Thread Next

HOST exclusion

From: Invernizzi Fabrizio <Fabrizio.Invernizzi () TILAB COM>
Date: Wed, 29 Aug 2001 09:54:21 +0200
Hi all.

I am running snort 1.8.1-RELEASE (Build 74) and I need to pass some
addresses so:

        1- I defined two variables in snort conf file 
                var IGNORE_DST_HOST [10.10.10.0/24]
                var IGNORE_SRC_HOST [10.10.10.0/24]

        2- I added these rules 
                pass ip any any -> $IGNORE_DST_HOST any
                pass ip $IGNORE_SRC_HOST any -> any any

        3- I run snort with the -o flag to change the order in which the
rules are applied to
         packets

All seems ok, but it doesn't work: I still see lot of alterts in demarc
front-end from and to the passed addresses.
Any Idea?

Thanks

++Fabrizio

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: