Snort mailing list archives

Re: Compiling snort for CheckPoint Firewall-1 support


From: carlopmart <carlopmart () gmail com>
Date: Fri, 12 May 2006 16:54:50 +0200

Thanks Frank, I don't see this feature.

Many thanks to all.


Frank Knobbe wrote:
On Fri, 2006-05-12 at 11:00 +0200, carlopmart wrote:
Yes, correct, but I need to modify snort rules by hand if I want to block some connections with snortsam (and if I launch the process to update snort rules, they are overwritten and I lose my changes). I need to block connections immediately using snort rules and custom rules.

You can create a sid-block.map file instead of modifying rules. See
README.rules:

---8<---
Instead of modifying the Snort rules, you can also create a file named
sid-block.map which has to be in the same directory as Snort's sid-msg.map
file (typically etc). In this file you can list the fwsam option using
following syntax:

   <sid>:<option>

For example:

   1023: src, 15 min

Alternatively, you may use a | (pipe) instead of a : (colon).
This has the same effect as adding "fwsam: src, 15min;" to the Snort rule
with SID 1023.

You can specify options in both places (rules and sid-block.map file), but
the sid file takes priority. The file has to be in the same directory as the
other Snort config files (ie. sid-msg.map).
--->8---

Regards,
Frank


--
CL Martinez
carlopmart {at} gmail {d0t} com
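
The `<sid>:<option>` syntax and the priority rule from the quoted README, as an added example that is not part of the original message and is not Snortsam code: a small checker that reports which block option ends up in effect per SID. The function names, the regular expressions, the `#` comment handling and the sample rules and map entries are all assumptions constructed for illustration; option strings are passed through without validation.

```python
import re

# Constructed sample input; not taken from a real rule set.
SID_BLOCK_MAP = """\
1023: src, 15 min
2001| src, 30 min
not-a-sid: src, 5 min
"""
RULES = """\
alert tcp any any -> any 80 (msg:"constructed A"; sid:1023; fwsam: src, 5 min;)
alert tcp any any -> any 22 (msg:"constructed B"; sid:3000; fwsam: src, 10 min;)
alert tcp any any -> any 25 (msg:"constructed C"; sid:2001;)
"""

def parse_sid_block_map(text):
    """Return ({sid: option}, [(lineno, raw)]) for '<sid>:<option>' or '<sid>|<option>'."""
    entries, rejected = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment
            continue
        m = re.match(r"^(\d+)\s*[:|]\s*(\S.*)$", line)
        if m:
            entries[int(m.group(1))] = m.group(2).strip()
        else:
            rejected.append((lineno, raw))  # surface typos instead of ignoring them
    return entries, rejected

def parse_rule_fwsam(text):
    """Return {sid: option} for rules that carry an inline fwsam option."""
    found = {}
    for line in text.splitlines():
        sid = re.search(r"\bsid\s*:\s*(\d+)\s*;", line)
        opt = re.search(r"\bfwsam\s*:\s*([^;]+);", line)
        if sid and opt:
            found[int(sid.group(1))] = opt.group(1).strip()
    return found

def effective_blocks(rules_text, map_text):
    """Merge both sources; the sid-block.map entry wins when a SID is in both."""
    from_map, rejected = parse_sid_block_map(map_text)
    merged = parse_rule_fwsam(rules_text)
    merged.update(from_map)
    return merged, rejected

if __name__ == "__main__":
    merged, rejected = effective_blocks(RULES, SID_BLOCK_MAP)
    for sid in sorted(merged):
        print(sid, "->", merged[sid])
    for lineno, raw in rejected:
        print("rejected line", lineno, repr(raw))
```

Running it after a rule update shows whether each SID still carries the intended block option even though the rule files themselves were replaced.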

