[Snort-users] what is the difference between these rules!??!?!

funky azimlinux at ...131...
Sat Aug 3 10:43:03 EDT 2002


Hi,

I'm trying to block some sites using the hogwash patch
for Snort.

I tried the rule below like the porn.rules:

drop tcp $EXTERNAL_NET 80 -> $HOME_NET any /
(msg:"Game site in not
allowed!!";content:"tavla";nocase;flags:A+)

Tyring to enter a web-site froma client, for exemple
www.tavla.com, i can enter that, why!?!??!?!
i have to modify the rule like below in order to block
the site:

drop tcp any any <> any any /
(msg:"Game site is not allowed!!"; content:"tavla";)

Now i'M not allowed to enter the sites.
So do i have to modify the rules like that which i
wanna apply the "drop" option!??!??!

Anyone can help me in that case please?!?!?

thanx

funky
Istanbul



__________________________________________________
Do You Yahoo!?
Yahoo! Health - Feel better, live better
http://health.yahoo.com




More information about the Snort-users mailing list