[Snort-users] Snort pass rules question

McCammon, Keith Keith.McCammon at ...3497...
Mon Aug 12 13:58:03 EDT 2002


> pass udp 192.168.1.3 any -> 192.168.1.1 161
> 
> Is my syntax correct? Do I have to use the -o switch to get 
> it to use the
> local.rules?
> Thanks

Your syntax is fine.  And yes, you need the -o switch, but it's not to tell Snort to use local.rules.  If local.rules has an include in snort.conf, then it's getting loaded.  The -o switch tells Snort to match pass rules prior to the others.




More information about the Snort-users mailing list