Snort mailing list archives

what is the difference between these rules!??!?!


From: funky <azimlinux () yahoo com>
Date: Sat, 3 Aug 2002 10:42:31 -0700 (PDT)


Hi,

I'm trying to block some sites using the hogwash patch
for Snort.

I tried the rule below like the porn.rules:

drop tcp $EXTERNAL_NET 80 -> $HOME_NET any /
(msg:"Game site in not allowed!!";content:"tavla";nocase;flags:A+)

Trying to enter a web site from a client, for example
www.tavla.com, I can enter that, why!?!??!?!
I have to modify the rule like below in order to block
the site:

drop tcp any any <> any any /
(msg:"Game site is not allowed!!"; content:"tavla";)

Now I'm not allowed to enter the sites.
So do I have to modify the rules like that which I
wanna apply the "drop" option!??!??!

Can anyone help me in that case please?!?!?

thanx

funky
Istanbul




