[Snort-sigs] dropping traffic

Esler, Joel Contractor EslerJ at ...785...
Wed May 28 07:05:19 EDT 2003

pass $SMTP_SERVERS any -> $EXTERNAL_NET any (msg:"Traffic dropper";

What would I write to be able to drop all traffic from the email server
(filter it out basically)....  or what could I write to trigger an IP?
(both ways I am asking)....

alert <IP here> any -> $HOME_NET (msg:"<IP here> connection event";

or something??


More information about the Snort-sigs mailing list