[Snort-users] pass rule problem
dave at ...1192...
Thu Jan 25 09:13:35 EST 2001
-----BEGIN PGP SIGNED MESSAGE-----
try using the -o option when initialising snort, this causes the pass rules to be processed first.
Quoting alexh at ...1207... (alexh at ...1207...):
> I've just upgraded to 1.7, which is nice, but I'm having a problem getting
> pass rules to work.
> With 1.6, I would use the rules
> pass tcp any 80 -> $HOME_NET any
> pass tcp any any -> $HOME_NET 80
> # [snip other pass rules]
> log tcp any any -> $HOME_NET :1023
> to exclude web traffic from the logs. This worked fine.
> However, using exactly the same rules with snort1.7, web traffic *is* being
> After much commenting out of rules, I am sure that these are the culprits.
> I tried altering the pass rules to
> pass tcp any 80 <> any any
> but it made no difference. Am I just being my usual stupid self, or is there
> a less humiliating explanation, I wonder?
>  -- I may be understating here.
> Alex Hooper
> Senior Programmer
> Clockwork Web.
> +44 20 7471 0770
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
Dave Ryan Default Security
http://www.default.org.uk/~dave dave at ...1192...
GnuPG Key: http://www.default.org.uk/~dave/gpgkey.asc
Fingerprint: F418 C882 FF03 82A0 A99A 2720 669C E8C3 44B8 2A0F
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (OpenBSD)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----
More information about the Snort-users