[Snort-sigs] Rule FP, possible fix

warwick ackfin warwick7th at ...2420...
Wed Dec 8 09:45:01 EST 2004


With Inline Snort being rolled into Snort 2.3.0 I have another newb question...

I believe I understand that Inline Snort uses the same rules as Snort
proper with the additional actions of Drop, Reject, and the other
traditional firewall ACL style actions.

Am I too far off the reservation when I say I could replace an ALERT
action with a DROP action and the rest of the rule would fire as I
want?

-- 
Warwick AckFin

Don't tread on me
<><



