Snort mailing list archives
Re: Compiling snort for CheckPoint Firewall-1 support
From: carlopmart <carlopmart () gmail com>
Date: Fri, 12 May 2006 16:54:50 +0200
Thanks Frank, I don't see this feature. Many thanks to all. Frank Knobbe wrote:
On Fri, 2006-05-12 at 11:00 +0200, carlopmart wrote:Yes, correct but I need to modify snort rules by hand if i would to block some connections with snortsam (and if I launch process to update snort rules, they are overwritted and I lose my changes). I need to block connections immediately using snort rules and custom rules.You can create a sid-block.map file instead of modifying rules. See README.rules: ---8<--- Instead of modifying the Snort rules, you can also create a file named sid-block.map which has to be in the same directory as Snort's sid-msg.map file (typically etc). In this file you can list the fwsam option using following syntax: <sid>:<option> For example: 1023: src, 15 min Alternatively, you may use a | (pipe) instead of a : (colon). This has the same effect as adding "fwsam: src, 15min;" to the Snort rule with SID 1023. You can specify options in both places (rules and sid-block.map file), but the sid file takes priority. The file has to be in the same directory as the other Snort config files (ie. sid-msg.map). --->8--- Regards, Frank
-- CL Martinez carlopmart {at} gmail {d0t} com ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Compiling snort for CheckPoint Firewall-1 support carlopmart (May 11)
- RE: Compiling snort for CheckPoint Firewall-1 support Paul Melson (May 11)
- Re: Compiling snort for CheckPoint Firewall-1 support Frank Knobbe (May 11)
- Re: Compiling snort for CheckPoint Firewall-1 support carlopmart (May 16)
- Re: Compiling snort for CheckPoint Firewall-1 support Frank Knobbe (May 12)
- Re: Compiling snort for CheckPoint Firewall-1 support carlopmart (May 16)
- Re: Compiling snort for CheckPoint Firewall-1 support Nigel Houghton (May 16)
- Re: Compiling snort for CheckPoint Firewall-1 support Will Metcalf (May 16)
- Re: Compiling snort for CheckPoint Firewall-1 support carlopmart (May 16)
- <Possible follow-ups>
- RE: Compiling snort for CheckPoint Firewall-1 support Briggs, Bruce (May 16)