Re: rules in snort inline

[Joel Esler <jesler () sourcefire com>]

On Jun 15, 2010, at 3:52 PM, Nigel Houghton wrote:
> On Tue, Jun 15, 2010 at 3:33 PM, black_angel black_angel
> <black.sad.angel () gmail com> wrote:
> > hey everybody,
> > i try to change all the rules for my snort inline from mode "alert" to
> > "drop" i used this script but it doesn't work correctly:
> >
> > cd /etc/snort_inline/rules/
> >
> > for file in $(ls -1 *.rules)
> >
> > do
> >
> >                sed -e 's:^alert:drop:g' ${file} > ${file}.new
> >
> >                mv ${file}.new ${file} -f
> >
> > done
> > if someone have another script or any idea
>
>
> Don't do that, any of you. There are flowbit rules (the ones that set
> a flowbit) that should never be set to drop.
>
> Use Pulled Pork or Oinkmaster to manage your rules and make changes.
> That is all.

Yes, and doing the above will also assure to make sure your network ceases to function.

--
Joel Esler



------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users