Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: A little pass rule help

From: Chris Green <cmg () sourcefire com>
Date: Mon, 21 Apr 2003 09:13:41 -0400
Keg <snrtlst () netscape net> writes:


I have 2 pass rules that I placed in local.rules: (snort started with -o)
pass ip 10.0.30.4 any -> 10.0.0.0 any
pass ip 10.0.20.6 any -> any
First should take care of cluster servers broadcasts, second takes
care of weird ICMP redirects from Shiva device. Snort cannot be
started and it complains about those pass rules, the moment I disable
'em snort is started and it works fine.
Is there a syntax problem with those pass rules?


pass ip 10.0.20.6 any -> any

should be

pass ip 10.0.20.6 any -> any any

Thanks.
-- 
Your favorite stores, helpful shopping tools and great gift
ideas. Experience the convenience of buying online with Shop@Netscape!
http://shopnow.netscape.com/



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-- 
Chris Green <cmg () sourcefire com>
A watched process never cores.


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: