[Snort-users] what is the difference between these rules!??!?!

funky azimlinux at ...131...
Sat Aug 3 10:43:03 EDT 2002


I'm trying to block some sites using the hogwash patch
for Snort.

I tried the rule below like the porn.rules:

drop tcp $EXTERNAL_NET 80 -> $HOME_NET any /
(msg:"Game site in not

Tyring to enter a web-site froma client, for exemple
www.tavla.com, i can enter that, why!?!??!?!
i have to modify the rule like below in order to block
the site:

drop tcp any any <> any any /
(msg:"Game site is not allowed!!"; content:"tavla";)

Now i'M not allowed to enter the sites.
So do i have to modify the rules like that which i
wanna apply the "drop" option!??!??!

Anyone can help me in that case please?!?!?



Do You Yahoo!?
Yahoo! Health - Feel better, live better

More information about the Snort-users mailing list