[Snort-sigs] Rule FP, possible fix
warwick7th at ...2420...
Wed Dec 8 09:45:01 EST 2004
With Inline Snort being rolled into Snort 2.3.0 I have another newb question...
I believe I understand that Inline Snort uses the same rules as Snort
proper with the additional actions of Drop, Reject, and the other
traditional firewall ACL style actions.
Am I too far off the reservation when I say I could replace an ALERT
action with a DROP action and the rest of the rule would fire as I
Don't tread on me
More information about the Snort-sigs