[Snort-sigs] snort whitelist

Dale L. Handy dhandy at ...1244...
Thu Mar 25 10:26:05 EST 2004


If you wanted, for instance, to ignore packets from 10.2.3.4, you would 
create a rule:

    pass ip 10.2.3.4 any -> any any (msg:"Pass, friend";)

and then, since pass rules are evaluated *AFTER* alert and other types, 
you must change the rule order by either running snort with the -o 
option, or putting a line in the snort.conf file:

    config order: pass, alert

I hope this helps (and I hope I got it right...)


MEGA Hospedagem wrote:

>is it possible to set snort to don't even analyze packets from certain
>IP?
>
>thanks
>
>
>
>-------------------------------------------------------
>This SF.Net email is sponsored by: IBM Linux Tutorials
>Free Linux tutorial presented by Daniel Robbins, President and CEO of
>GenToo technologies. Learn everything from fundamentals to system
>administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
>_______________________________________________
>Snort-sigs mailing list
>Snort-sigs at lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/snort-sigs
>
>
>  
>

-- 
"The trouble with doing something right the first time 
 is that nobody appreciates how difficult it was."

-- Dale L. Handy, P.E.
   dhandy at ...1244...
   http://www.nitrodata.com






More information about the Snort-sigs mailing list