cmg at ...81...
Fri Jan 4 17:15:05 EST 2002
ndesai01 at ...1037... writes:
> If I am reading the rules.c file correctly once the rules have been parsed
> they are sent to either the IP chain, TCP chain, UDP chain or ICMP chain.
> Am I missing something or just make things harder than they need to
The best explanation of it is in the FAQ
It is confusing to get used to because of the multiple types of
The only thing I don't quite understand is how IP and ICMP rules
organize themselves. Do they all get thrown into a single chain
because they have no ports to group by?
DumpChain() gives a good example of traversing it
Hope it helps, in doing my own evil functions at the moment, I've had
to look at it a lot
Chris Green <cmg at ...81...>
A good pun is its own reword.