[Snort-sigs] "official" pass rules & feature request

Florin Andrei florin at ...697...
Fri Aug 2 09:50:06 EDT 2002


On Wed, 2002-07-31 at 11:40, McCammon, Keith wrote:
> 
> > Feature request:
> > It would be nice if a rule could rely on another. Like, say, define the
> > classic ICMP echo request rule as "detect every echo request except for
> > what's defined in the Speedera echo request rule".
> > I imagine this would make the complexity of the detection engine go
> > skywards, so... I'm not sure...
> 
> Already done.  You just place the more specific rule (speedera) above the more general ICMP echo request rule.

Yes, that would implement the NOT operator.
But I was thinking of a more complex case, when perhaps you implement
AND, OR, etc...

Oh, anyway, it was just a thought.

-- 
Florin Andrei

The geek shall inherit the Earth...




