[Snort-users] Stopping particular rules

GeEk koolman at ...2313...
Mon Jun 25 13:58:23 EDT 2001


Like Joe said you need you're -o option to get the custom ICMP rule you
created to work (because the -o option make pass rules take presidence) .
Also not all of the rules pertaning to ICMP are in the some are in
misc.rules and info.rules




-- 
LinSys

-----

When you die and your life flashes before your eyes does
that include the part where your life flashes before your
eyes?

-----

On Mon, 25 Jun 2001, Joe McAlerney wrote:

> Hello Bennett,
>
> I'm not sure why you are still seeing them when the includes are
> commented out.  Perhaps there are some hidden in other .rules files like
> Kiira said.  As far as your pass rule, you must use -o to change the
> rule ordering, or the "alert" icmp rules will take precedence.
>
> Happy Snorting,
>
> -Joe M.
>
>





More information about the Snort-users mailing list