Snort mailing list archives
Re: Same source/dest
From: Erek Adams <erek () snort org>
Date: Wed, 2 Apr 2003 12:57:22 -0500 (EST)
On Wed, 2 Apr 2003, Keg wrote:

> Sorry guys for the question but how do I write the pass rule?

Just like any other, except instead of 'alert' or 'log' the action is 'pass'. Have a look at this [0] for an example. You can also find more info in the Snort Users manual.

> Should I create the file and name it as pass.rules or should I simply add
> the following to the local rules?
>
> pass ip 10.13.110.254 53 -> 10.13.110.254 any

That's all up to you. Depends on how you like to organize things. :) Since there's a blank local.rules in the default ruleset, I don't like to use that filename. It stops me from just copying the rules/* over to /etc/snort/rules/. I tend to use 'pass.rules' and 'my.rules' for pass and local stuff. You pick whatever way works for you. Just remember that you did it! :)

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

[0] http://www.theadamsfamily.net/~erek/snort/ignore.txt
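
Added example, not part of the original message or of Snort itself: a pass rule silences detection for everything it matches, so whichever file the rules end up in, it is worth reviewing how wide each one is. The sketch below parses Snort rule headers and grades each pass rule by whether its address fields are unrestricted; the sample file contents (other than the rule quoted from the thread) and the grading heuristic are assumptions made for illustration.

```python
import re

# Snort rule header: action proto src_ip src_port direction dst_ip dst_port [(options)]
HEADER = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>[^\s(]+)"
)

# Constructed sample of a pass.rules file; line 2 is the rule quoted in the thread.
SAMPLE_RULES = """\
# local pass rules
pass ip 10.13.110.254 53 -> 10.13.110.254 any
pass udp any any -> $DNS_SERVERS 53
pass tcp any any -> any 8080
alert tcp any any -> any 23 (msg:"telnet"; sid:1000001;)
"""

def is_wide(addr):
    """Heuristic (assumption): 'any' or a negated address leaves that side unrestricted."""
    return addr == "any" or addr.startswith("!")

def audit_pass_rules(text):
    """Return (line_number, verdict, unrestricted_sides) for every pass rule in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        m = HEADER.match(line)
        if not m or m["action"] != "pass":
            continue  # only pass rules create blind spots
        wide = [side for side in ("src", "dst") if is_wide(m[side])]
        if len(wide) == 2:
            verdict = "blind"    # matches traffic between any two hosts
        elif wide:
            verdict = "review"   # one side is open, confirm that is intended
        else:
            verdict = "narrow"   # both sides pinned to specific addresses
        findings.append((lineno, verdict, wide))
    return findings

if __name__ == "__main__":
    for lineno, verdict, wide in audit_pass_rules(SAMPLE_RULES):
        print(f"line {lineno}: {verdict} (unrestricted: {', '.join(wide) or 'none'})")
```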