[Snort-sigs] Pass rule problem

Ian Macdonald secsnortsigs at ...644...
Fri Feb 21 14:51:06 EST 2003

I have something like
pass tcp any <> 443 (msg: "LOCAL known
alert tcp any any -> any any (msg: "catch all rule";

the idea is that I want to log everthing that is not know traffic.
However I am still getting events bing triggered by ->
which I thought would have been bypassed by the pass rule. I am running with
the -o option.

Any ideas? snort 1.9.0

More information about the Snort-sigs mailing list