[Snort-sigs] Inverted list of IPs

Martin Olsson elof at ...1288...
Tue Oct 28 08:22:18 EST 2003

I have this rule:
alert tcp any any -> any 80 (foo bar...)

Now I want to exclude two sourceaddresses from it. Can I simply do it like

alert tcp ![,] any -> any 80 (foo bar...)

..or will a packet from match the rule anyhow since !=


More information about the Snort-sigs mailing list