Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Rules and Actions

From: Paul Schmehl <pauls () utdallas edu>
Date: 07 Mar 2003 09:28:52 -0600
On Fri, 2003-03-07 at 06:48, Graeme Thompson wrote:

I am new to snort, and at the moment trying to learn how to use it.
One of the many questions I have is:
If you set up a rule to "pass" a packet in the action will it be
ignored by all other rules from then on. I have tried this and it
still actions the packet further on, but at this stage I am not sure
if I have the syntax correct.
 

pass rules are processed after the other rules.  In order to change that
order, you must start snort with the -o switch.  Be careful though, you
can end up passing everything if you write a pass rule incorrectly.

-- 
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member



-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: