Re: Raw IP packet filter rule

[Joel Esler <eslerj () gmail com>]

ip rules will do what you want, however, I have to ask if there isn't  
a better way to get what you want,

like suppression of portscan events, or using a bpf filter on the  
command line..

Joel

On Jan 18, 2009, at 7:44 PM, Ian Masters allegedly wrote:

> Hi
>
> I'd like to set up some pass rules for local "port scan", which  
> actually
> isn't.
>
> I know that pass rules accept tcp, udp, icmp and ip values, but am I
> right in thinking that using 'ip' will pass tcp, udp and icmp  
> packets too?
>
> How can I pass just these 'raw ip' packets?
>
> Thanks
>
> Ian
>
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by:
> SourcForge Community
> SourceForge wants to tell your story.
> http://p.sf.net/sfu/sf-spreadtheword
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


--
Joel Esler
  http://www.joelesler.net
  http://www.twitter.com/joelesler
[m]


------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users