Snort mailing list archives
RE: Snort pass rules question
From: "Pietersma, Kevin (CA - Toronto)" <kpietersma () deloitte ca>
Date: Mon, 12 Aug 2002 16:57:09 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - From the SNORT FAQ (http://www.snort.org/docs/faq.html) 3.7 --faq-- --snort-- --faq-- --snort-- --faq-- --snort-- --faq-- Q: How do I ignore traffic coming from a particular host or hosts? A: Write pass rules and add the host(s) to the portscan-ignorehosts list. Call Snort with the -o option to activate the pass rules. See http://www.snort.org/docs/writing_rules/ for more information. A: Use bpf on the commandline to ignore a host (for example): $ snort not host 192.168.0.1 Cheers, Kev Pietersma - -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Eric Joe Sent: Monday, August 12, 2002 3:43 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Snort pass rules question Hello, I am trying to get snort to ignore SNMP requests from a machine running MRTG to my router. I haveinclude $RULE_PATH/local.rules at the end of my snort.conf file and I have the following rule in my local.rules file: pass udp 192.168.1.3 any -> 192.168.1.1 161 Is my syntax correct? Do I have to use the -o switch to get it to use the local.rules? Thanks - -- Eric Joe Network Operations Journey's End Internet/Computer Connection Inc - ------------------------------------------------------- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBPVghJWcZhd/EblG8EQIINACeKeXYhi+zIciV809QURCvZg8LVoAAoJPO l2qmeUudOW1sdSN2sQoO6z8m =1hT3 -----END PGP SIGNATURE-----
Attachment:
PGPexch.htm.asc
Description:
Current thread:
- Snort pass rules question Eric Joe (Aug 12)
- <Possible follow-ups>
- RE: Snort pass rules question McCammon, Keith (Aug 12)
- RE: Snort pass rules question Pietersma, Kevin (CA - Toronto) (Aug 12)