[Snort-users] Pass rule help

Sheahan, Paul (PCLN-NW) Paul.Sheahan at ...2218...
Wed Jun 20 15:30:38 EDT 2001


This is my first attempt at writing a pass rule so I thought I would post a
message for a tip or two.

Occasionally I send emails directly from my Snort server which tends to set
off alarms. I want to pass all mail traffic from the snort server to the
mail server with a rule such as:

pass snortserver any -> mailserver 25

My questions are as follows:

1. What rules file to place this pass statement in
2. Where in the rules file should it be placed (before or after the alert
statements)
3. Does it matter where or in what order I place this rules file in
snort.conf?

Thanks for helping us newbies out!

Paul





More information about the Snort-users mailing list