Re: Whitelist IP's?

["Joel Esler (jesler)" <jesler () cisco com>]

On Jul 8, 2014, at 3:48 PM, waldo kitty <wkitty42 () windstream net<mailto:wkitty42 () windstream net>> wrote:

On 7/8/2014 1:49 PM, Jeff Meigs wrote:
Hey Everyone,

Trying to whitelist an IP so I don’t receive alerts from it. Do I do this in the
threshold.conf? If so whats the proper way to write it?

try the reputation processor instead... whitelist the IPs you want to pass on
without molestation...

http://manual.snort.org/node176.html

and here's a link to copy of the README.reputation file...

https://github.com/jasonish/snort/blob/master/doc/README.reputation

bpf the IP out is the correct answer.


Putting the IP in the whitelist only whitelists the IP against the blacklist.  It has no effect on the rest of the 
engine.


------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!