Snort mailing list archives

Re: multiple ports in rule

From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 17 Dec 2003 16:36:44 -0500

At 01:19 PM 12/17/2003, Bryan Irvine wrote:

Is there a way to specify not to use port 25 either?

ie [!80 !25] or something?

This is snort v 2.0.1 by the way.


No..

ports can be single ports, ranges of ports, or negations of either. Theycan NOT be comma delimited lists. (At this time only IP addresses can be lists)

besides, even if you could do that [!80, !25] would be the same as "any"...you'd have meant to do ![80, 25]. There's a very important differencebetween the two in terms of boolean algebra...

be sure to make a note of it so you don't screw up your network rangedeclarations, since IP addresses do support this syntax.






-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

multiple ports in rule Bryan Irvine (Dec 17)
- Re: multiple ports in rule Matt Kettler (Dec 17)