Snort mailing list archives

Re: Pass Rule not working?


From: Shane Williams <shanew () shanew net>
Date: Wed, 24 Jul 2002 12:24:41 -0500 (CDT)

On Wed, 24 Jul 2002, Steve Lebeda wrote:

> I've been getting alerts in ACID because of ICMP packets. The message is
> ICMP Destination Unreachable (Communication Administratively Prohibited)
> I know this particular issue has been addressed previously and I think I
> understand why it's happening. The servers on my Home Net are trying to
> ping to places that they aren't allowed to ping and the packets are being
> returned by an intermediary device. Trying to be clever, I wrote a pass
> rule in my local.rules file:
>
> pass icmp any any -> *.*.*.* any (itype: 3; icode: 13)
>
> I'm still getting errors.
>
> What'd I do wrong?

Maybe I'm missing something, but did you try:
pass icmp any any -> any any (itype: 3; icode: 13)

I don't think *.*.*.* is a valid IP address in a rule.

-- 
Public key #7BBC68D9 at            |                 Shane Williams
http://pgp.mit.edu/                |                               
=----------------------------------+-------------------------------
All syllogisms contain three lines |              shanew () shanew net
Therefore this is not a syllogism  |   www.gslis.utexas.edu/~shanew
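
The address check discussed in this message, as an added example that is not part of the original post or of Snort itself: a small linter that parses a rule header and reports source or destination addresses that are not in a recognised form. The function names and the set of accepted forms (`any`, a `$VARIABLE`, IPv4 with optional CIDR, `!` negation, bracketed lists) are assumptions of this sketch.

```python
import ipaddress
import re

# Address forms assumed for a Snort rule header (not taken from the thread):
# "any", a $VARIABLE, a dotted-quad IPv4 address with optional /CIDR,
# an optional leading "!" negation, and a bracketed comma-separated list.
HEADER_RE = re.compile(
    r"^\s*(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*(?:\(|$)"
)

def address_ok(token):
    """Return True if token is one of the assumed valid address forms."""
    if token.startswith("!"):
        token = token[1:]
    if token.startswith("[") and token.endswith("]"):
        items = token[1:-1].split(",")
        return all(address_ok(item.strip()) for item in items)
    if token == "any" or re.fullmatch(r"\$\w+", token):
        return True
    try:
        # Wildcards such as *.*.*.* are rejected here with a ValueError.
        ipaddress.IPv4Network(token, strict=False)
        return True
    except ValueError:
        return False

def lint_header(rule):
    """Return a list of problems found in the rule's source/destination addresses."""
    m = HEADER_RE.match(rule)
    if not m:
        return ["could not parse rule header"]
    return [
        f"{field} address {m.group(field)!r} is not a valid address form"
        for field in ("src", "dst")
        if not address_ok(m.group(field))
    ]

if __name__ == "__main__":
    # The two rules quoted in this thread.
    for rule in (
        "pass icmp any any -> *.*.*.* any (itype: 3; icode: 13)",
        "pass icmp any any -> any any (itype: 3; icode: 13)",
    ):
        print(rule, "=>", lint_header(rule) or "ok")
```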


