[Snort-users] permit rules

konsul at ...1169... konsul at ...1169...
Sun Jan 21 09:11:17 EST 2001


Hello again. I have the following situation. In my network there is a
server which monitors net devices (Cisco, servers, services, etc.).
This machine generates a lot of traffic, which is logged in Snort's
alerts (usually ICMP). To pass this traffic through Snort, I set up
the following lines in snort.conf, before the 'include' keywords:
pass tcp x.x.x.x/32 any > y.y.y.0/24 any
pass udp x.x.x.x/32 any > y.y.y.0/24 any
pass icmp x.x.x.x/32 any > y.y.y.0/24 any
where x.x.x.x is the server address and y.y.y.0/24 is my subnet, but it
has no effect. Traffic from this host is logged to alert again. What is
it?
  

-- 
Best regards,
 konsul                          mailto:konsul at ...1169...





