Snort mailing list archives

Re: Pass rule not passing preprocessors

From: Chris Green <cmg () sourcefire com>
Date: Mon, 21 Apr 2003 09:21:55 -0400

"Always Bishan" <bishan4u () yahoo co uk> writes:

Hi Snorters,

I wrote a pass rule which will pass anything coming
from one machine.
pass tcp 192.168.1.2 -> any any
pass icmp 192.168.1.2 -> any any
pass udp 192.168.1.2 -> any any


[...]

Now by writing this pass rule I'm able to avoid any
alerts from my rules directory, but preprocessors are
still generating alerts. 

Is there anyway to avoid this?


If you want to omit traffic from that machine completely, disable all
traffic from it in your bpf filter for snort.

snort <command args> not host 192.168.1.2
-- 
Chris Green <cmg () sourcefire com>
To err is human, to moo bovine.


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Pass rule not passing preprocessors Always Bishan (Apr 20)
- Re: Pass rule not passing preprocessors Bennett Todd (Apr 20)
- Re: Pass rule not passing preprocessors Chris Green (Apr 21)