[Snort-users] ICMP logs

jan at ...1739... jan at ...1739...
Fri May 25 10:49:59 EDT 2001


Oh well...

I've tried to write a pass rule for ICMP type 3 code 3 from my
border router to my firewall. 

It looks like this:

pass icmp my.border.router/32 any -> my.fire.wall/32 any
(itype:"3";icode:"3";)

Snort doesn't complain and starts nicely, but keeps logging
them, although I DID specify -o. 


Version's 1.7, Platform FreeBSD 4.2 STABLE. 

Any suggestions? Drives me mad. 

Cheers, Jan

-- 
Radio HUNDERT,6 Medien GmbH Berlin
- EDV -
j.muenther at ...206...




More information about the Snort-users mailing list