[Snort-devel] processing reversed rules

Chris Green cmg at ...81...
Thu Jan 11 14:04:32 EST 2001


While playing with rules, I decided to add rules with the direction
going backwards with the "<-" operator rather than "->"

I've seen places where I would have liked to write my rules of the
form where the attacker is always on the left and my subnet is always
on the right - mainly for quick C&Ps of rules.

A -> B
A <- B

instead of

A -> B
B -> A 

This patch just rewrites the rules inside of rules.c
rather than one doing it in the config file.

I adopted the same style as the BIFURCATE stuff ( which I assume was
the old method of doing bidirectional rules ).

You need to add a #defined RULES_REVERESED to rules.h as well as this
patch to use it

-------------- next part --------------
A non-text attachment was scrubbed...
Name: reverse-rules.patch
Type: text/x-patch
Size: 1445 bytes
Desc: reversed rules.patch
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20010111/17ac0a3e/attachment.bin>
-------------- next part --------------

-- 
Chris Green <cmg at ...81...>
"When the going gets weird, the weird turn pro..."
                            -- Hunter S. Thompson


More information about the Snort-devel mailing list