[Snort-sigs] newbie rule writer

Steve Postma spostma at ...723...
Mon Aug 5 12:06:19 EDT 2002


I am trying to modify my rules so that any pings from the machine at
10.5.75.229 do not result in an alert. 
I have tried the modification below, but am getting this error. snort snort:
FATAL ERROR: ERROR icmp-info.rules (33): Illegal direction specifier: any"
 
What is the correct syntax to remove one IP from a rule?
 
 
 
alert icmp !10.5.75.229 any,$HOME_NET any -> $EXTERNAL_NET any 
 
Thanks for your time, 
Steve
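
Why the parser names "any" as the direction, shown as an added example that is not part of the original post: the hypothetical `check_header` helper below assumes the rule header is seven whitespace-separated fields (action, protocol, source address, source port, direction, destination address, destination port), which is consistent with the error quoted above. The second sample header is constructed only to show a well-formed layout.

```python
"""Positional check of a Snort rule header (added example, hypothetical helper)."""

FIELDS = ("action", "protocol", "src_addr", "src_port",
          "direction", "dst_addr", "dst_port")
DIRECTIONS = {"->", "<>"}

# The header exactly as posted in the message above.
POSTED = "alert icmp !10.5.75.229 any,$HOME_NET any -> $EXTERNAL_NET any"
# Constructed sample: seven fields, direction operator in the fifth slot.
WELL_FORMED = "alert icmp !10.5.75.229 any -> $EXTERNAL_NET any"


def check_header(rule):
    """Return (fields, problems) for the header part of a rule."""
    header = rule.split("(", 1)[0]   # rule options, if present, start at "("
    tokens = header.split()          # assumption: fields are split on whitespace
    fields = dict(zip(FIELDS, tokens))
    problems = []
    if len(tokens) != len(FIELDS):
        problems.append("expected %d header fields, found %d"
                        % (len(FIELDS), len(tokens)))
    direction = fields.get("direction")
    if direction is not None and direction not in DIRECTIONS:
        problems.append("Illegal direction specifier: %s" % direction)
        # A comma-joined token in the port slot means an address list was
        # written with a space in it, pushing every later field one place right.
        if "," in fields.get("src_port", ""):
            problems.append("source port slot holds %r; the field after it "
                            "was read as the direction" % fields["src_port"])
    return fields, problems


if __name__ == "__main__":
    for rule in (POSTED, WELL_FORMED):
        fields, problems = check_header(rule)
        print(rule)
        for name in FIELDS:
            print("  %-10s %s" % (name, fields.get(name, "<missing>")))
        for p in problems:
            print("  PROBLEM:", p)
```
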
 
 
 
 