Snort mailing list archives

Pass rule not working...


From: -=Quequero=- <quequero () bitchx it>
Date: Thu, 23 Jan 2003 14:24:34 +0100

Hi all, I need some help please :(( I have some problems with a pass rule; here is
a snippet of my configuration:

snort.conf:
var HOME_NET [192.168.1.0/24,10.0.0.0/8]
var EXTERNAL_NET any

preprocessor portscan-ignorehosts: $HOME_NET

local.rules:
pass tcp $HOME_NET any -> $HOME_NET 8001
pass tcp $HOME_NET 8001 -> $HOME_NET any

Snort, of course, is running with the -o option:
snort -o -AFull -D -u snort -i any -dev ...

That pass rule should ignore all traffic coming from (and going to) my $HOME_NET on
port 8001, but my logs are full of:

TCP src: 10.0.0.1 dst: 10.0.0.2 sport: 8001 dport: 1185 tgts: 1 ports: 25 flags: ***AP*** event_id: 2841
TCP src: 10.0.0.1 dst: 10.0.0.2 sport: 8001 dport: 1184 tgts: 1 ports: 26 flags: ***AP*** event_id: 2841
TCP src: 10.0.0.1 dst: 10.0.0.2 sport: 8001 dport: 1186 tgts: 1 ports: 27 flags: ***AP*** event_id: 2841
TCP src: 10.0.0.1 dst: 10.0.0.2 sport: 8001 dport: 1239 tgts: 1 ports: 21 flags: ***AP*** event_id: 0
TCP src: 10.0.0.1 dst: 10.0.0.2 sport: 8001 dport: 1240 tgts: 1 ports: 22 flags: ***AP*** event_id: 3711

Is there a way to avoid this? Thanks a lot to all :)))))))))))))


-=Quequero=-
SpP/Member www.spippolatori.com
UIC Founder www.quequero.tk
Linux Registered User #207978
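
As an added example (not part of the original post and not Snort code), this Python script parses log entries in the format quoted above and checks each one against the headers of the two posted pass rules, to confirm which entries the rules were expected to cover. The function names and the third sample entry are constructed for illustration; it models only protocol, address and port matching, not Snort's internal processing.

```python
import ipaddress
import re

# HOME_NET and the two pass rules as posted in the message above.
HOME_NET = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "10.0.0.0/8")]
PASS_RULES = [  # (proto, src port, dst port); None stands for "any"
    ("tcp", None, 8001),  # pass tcp $HOME_NET any -> $HOME_NET 8001
    ("tcp", 8001, None),  # pass tcp $HOME_NET 8001 -> $HOME_NET any
]
LINE_RE = re.compile(
    r"(?P<proto>TCP|UDP) src: (?P<src>\S+) dst: (?P<dst>\S+) "
    r"sport: (?P<sport>\d+) dport: (?P<dport>\d+) tgts: (?P<tgts>\d+) "
    r"ports: (?P<ports>\d+) flags: (?P<flags>\S+) event_id: (?P<event_id>\d+)"
)

def parse_entries(text):
    """Return one dict per log entry, even when several share a line."""
    entries = []
    for m in LINE_RE.finditer(text):
        e = m.groupdict()
        for k in ("sport", "dport", "tgts", "ports", "event_id"):
            e[k] = int(e[k])
        entries.append(e)
    return entries

def in_home_net(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in HOME_NET)

def matching_pass_rule(entry):
    """Index of the first pass-rule header the entry satisfies, or None."""
    if not (in_home_net(entry["src"]) and in_home_net(entry["dst"])):
        return None
    for i, (proto, sport, dport) in enumerate(PASS_RULES):
        if (proto == entry["proto"].lower()
                and sport in (None, entry["sport"])
                and dport in (None, entry["dport"])):
            return i
    return None

# First two entries copied from the message; the third is constructed
# (source outside HOME_NET) to show a non-matching case.
SAMPLE = (
    "TCP src: 10.0.0.1 dst: 10.0.0.2 sport: 8001 dport: 1185 tgts: 1 ports: 25 flags: ***AP*** event_id: 2841 "
    "TCP src: 10.0.0.1 dst: 10.0.0.2 sport: 8001 dport: 1239 tgts: 1 ports: 21 flags: ***AP*** event_id: 0\n"
    "TCP src: 172.16.0.5 dst: 10.0.0.2 sport: 8001 dport: 1300 tgts: 1 ports: 3 flags: ***AP*** event_id: 7\n"
)
if __name__ == "__main__":
    for e in parse_entries(SAMPLE):
        print(e["src"], e["sport"], "->", e["dst"], e["dport"], "rule:", matching_pass_rule(e))
```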

