[Snort-users] Negating ports

shawn . moyer shawn at ...1184...
Wed Jan 31 00:13:35 EST 2001


pass tcp any any <> $HOME_NET 135:139
pass udp any any <> $HOME_NET 135:139

Then make sure you start snort with the '-o' option.

But I would suggest that you are better off editing the rules file and
either deleting or negating (changing to pass) the specific rule you
want to disable.

"Deterding, Brent D." wrote:
> Heya,
>         Which of these rules would NOT look at tcp port 135-139?
> alert tcp any !135:139
> OR
> alert tcp any !135:136:137:138:139
> thanks!


s h a w n   m o y e r
shawn at ...1184...

More information about the Snort-users mailing list