[Snort-devel] Snort 2.8.2.1 Now Available

Steven Sturges steve.sturges at ...402...
Wed Jul 23 13:13:31 EDT 2008


Hi Christian--

Can you send us relevant parts of your configuration?
How are your prioritizing rules?  Priority?  Use of
-o flag (or other command-line switches)?

When you say "pass rules in front", what do you mean?

Cheers.
-steve

christian mock wrote:
> On Tue, Jun 17, 2008 at 04:52:24PM -0400, Snort Releases wrote:
> 
>> Snort 2.8.2.1 fixes a problem in which pass rules sometimes did not take 
>> precedence over alert and/or drop rules.
> 
> I'm still seeing "pass" rules getting ignored with 2.8.2.1. I'm not able
> to reproduce it with a minimal (testcase) ruleset, but when I have a 
> "normal" (9100 rules) ruleset with a pass rules in front, some of
> those are ignored, depending on the amount of pass rules present...
> 
> cm.
> 




More information about the Snort-devel mailing list