[Snort-users] Ignoring more that one host completely

Srijith.K srijith at ...2240...
Wed Aug 14 03:29:04 EDT 2002


Hi,

The snort FAQ states that if I need to completely
ignore packets from a particular IP address I can use
the BPF style filter at command line like:

$ snort <commandline options> not host 192.168.0.1

My question is, what if I need to ignore more that one IP address?
How do I pass it in command line? Is it -

$ snort <commandline options> not host 192.168.0.1 192.168.10.1 192.168.12.1

is the sepetator between the IP addresses ' ' or is it something else?

Regards,
Srijith.K
School of Computing
National University of Singapore
Singapore

-=[ Quote of the moment ]=-
 One good turn gets most of the blanket.







More information about the Snort-users mailing list