[Snort-sigs] snort whitelist

Dale L. Handy dhandy at ...1244...
Thu Mar 25 10:26:05 EST 2004

If you wanted, for instance, to ignore packets from, you would 
create a rule:

    pass ip any -> any any (msg:"Pass, friend";)

and then, since pass rules are evaluated *AFTER* alert and other types, 
you must change the rule order by either running snort with the -o 
option, or putting a line in the snort.conf file:

    config order: pass, alert

I hope this helps (and I hope I got it right...)

MEGA Hospedagem wrote:

>is it possible to set snort to don't even analyze packets from certain
>This SF.Net email is sponsored by: IBM Linux Tutorials
>Free Linux tutorial presented by Daniel Robbins, President and CEO of
>GenToo technologies. Learn everything from fundamentals to system
>Snort-sigs mailing list
>Snort-sigs at lists.sourceforge.net

"The trouble with doing something right the first time 
 is that nobody appreciates how difficult it was."

-- Dale L. Handy, P.E.
   dhandy at ...1244...

More information about the Snort-sigs mailing list