Snort mailing list archives

Re: Pulled Pork Not Enableing ET Rules


From: "Gibson, Nathan J. (HSC)" <Nathan-Gibson () ouhsc edu>
Date: Fri, 20 May 2011 15:23:33 -0500

I am not specifying a security policy (per my documentation I am providing). I have read through the documentation in 
the enablesid and disablesid. I am obviously missing something because I felt I followed them to a "T"..... That's why 
I included all the documentation in the e-mail so someone can look at them and tell me what I am missing.

From: Eoin Miller [mailto:eoin.miller () trojanedbinaries com]
Sent: Friday, May 20, 2011 3:15 PM
To: JJC
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Pulled Pork Not Enableing ET Rules

On 5/20/2011 8:13 PM, JJC wrote:
Actually, the default behavior should be to leave the rules in the state that they were in in the original source 
files.  Of course if you specify a security policy base (Security, Balanced, Connectivity) then it will modify the 
rulestate based on the metadata.

JJC

Just put what you want to omit into the ignore list, otherwise the default behavior is to enable the rule.

-- Eoin

Meant to say rules file. Not sid specifically.


-- Eoin