[Snort-users] HELP on configuration

Enrico M.V. Fasanelli Enrico.M.V.Fasanelli at ...4883...
Wed Feb 6 06:15:08 EST 2002

Dear all,

I run snort-mysql+flexresp-1.8.3-5snort on a RedHat 7.2 box.

Following the FAQ, I've write some rules for passing some traffic
(afs3-callback) and started snort daemon with the -o flag.

The problem is that some rules seems to work, and some other seems to be

In particular:

   var LE_AFS_SERVERS [,,,,]

   pass udp $LE_AFS_SERVERS 7000 -> $HOME_NET 7001

works fine, and the


   pass udp $INFN_AFS_SERVERS 7000 -> $HOME_NET 7001

does not works.

The ONLY difference is that hosts listed in the LE_AFS_SERVERS belongs to
HOME_NET and the host in the INFN_AFS_SERVERS is not in HOME_NET.

Any hint?

Thanks in advance


      Enrico M.V. Fasanelli          Phone +39 0832 320.435/448
Istituto Nazionale Fisica Nucleare   Fax   +39 0832 325128
       Sezione di Lecce              mailto:Enrico.M.V.Fasanelli at ...4883...
  Servizio di Calcolo & Reti         Via per Arnesano, I-73100 LECCE (Italy)

More information about the Snort-users mailing list