[Snort-devel] processing reversed rules

Martin Roesch roesch at ...48...
Sat Jan 13 02:26:08 EST 2001


Interesting patch, I don't see why there's any reason we can't put that
in the system.  FYI, the bifurcation stuff was added by Phil Wood when
we were trying to get the IP lists working...

Thanks for the patch!

     -Marty


Chris Green wrote:
> 
> While playing with rules, I decided to add rules with the direction
> going backwards with the "<-" operator rather than "->"
> 
> I've seen places where I would have liked to write my rules of the
> form where the attacker is always on the left and my subnet is always
> on the right - mainly for quick C&Ps of rules.
> 
> A -> B
> A <- B
> 
> instead of
> 
> A -> B
> B -> A
> 
> This patch just rewrites the rules inside of rules.c
> rather than one doing it in the config file.
> 
> I adopted the same style as the BIFURCATE stuff ( which I assume was
> the old method of doing bidirectional rules ).
> 
> You need to add a #defined RULES_REVERESED to rules.h as well as this
> patch to use it
> 
>   ------------------------------------------------------------------------
>                              Name: reverse-rules.patch
>    reverse-rules.patch       Type: text/x-patch
>                       Description: reversed rules.patch
> 
>   ------------------------------------------------------------------------
> 
> --
> Chris Green <cmg at ...81...>
> "When the going gets weird, the weird turn pro..."
>                             -- Hunter S. Thompson

--
Martin Roesch
roesch at ...48...
http://www.snort.org
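The rewrite Chris describes (treating `A <- B` as `B -> A`), as an added example that is not part of this thread, the attached patch, or Snort's rules.c. The function name `normalize_rule_direction` and the sample rule are constructed for illustration, and the sketch assumes a whitespace-separated rule header of the form `action proto addr port direction addr port`.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Snort's rules.c: rewrite a rule written with
 * "<-" so it uses "->" with the two address/port pairs swapped.
 * Rules already using "->" or "<>" are copied through unchanged.
 * Returns 0 on success, -1 on a malformed header, an unknown direction
 * operator, or an output buffer that is too small. */
int normalize_rule_direction(const char *rule, char *out, size_t outlen)
{
    char action[32], proto[16], dir[8];
    char a_ip[128], a_port[32], b_ip[128], b_port[32];
    int consumed = 0, n;

    /* Field widths bound every token so an oversized rule cannot overflow. */
    if (sscanf(rule, "%31s %15s %127s %31s %7s %127s %31s%n",
               action, proto, a_ip, a_port, dir, b_ip, b_port,
               &consumed) != 7)
        return -1;

    const char *rest = rule + consumed;   /* " (options...)" or empty */

    if (strcmp(dir, "<-") == 0)
        n = snprintf(out, outlen, "%s %s %s %s -> %s %s%s",
                     action, proto, b_ip, b_port, a_ip, a_port, rest);
    else if (strcmp(dir, "->") == 0 || strcmp(dir, "<>") == 0)
        n = snprintf(out, outlen, "%s", rule);
    else
        return -1;                        /* e.g. "<->" is rejected */

    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample rule: attacker on the left, home net on the right. */
    const char *rule =
        "alert tcp $EXTERNAL_NET any <- $HOME_NET 80 (msg:\"constructed\";)";
    char buf[512];

    if (normalize_rule_direction(rule, buf, sizeof buf) == 0)
        puts(buf);
    return 0;
}
```

Rejecting unknown operators and truncated output, rather than passing them through, keeps a mistyped direction from silently loading as a rule that matches the wrong side of the connection.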



