[Snort-users] single ip address

Phil Wood cpw at ...440...
Thu Feb 21 19:19:04 EST 2002


On Thu, Feb 21, 2002 at 05:33:00PM -0800, Scott Taylor wrote:
> Hello all,
>   I'm having a hard time finding info on 
> applying rules to a single IP addy. For instance 
> if I want to ignore a single IP address what 
> would the pass rule look like?
> 
> pass tcp 192.168.12.4 -> any any
  pass tcp 192.168.12.4 any <> any any

or

  pass tcp 192.168.12.4/32 any <> any any

> 
> or do I need a /24 on the end of the IP?
> 
> Would this work in the snort.conf under home_net?
> 
> Cheers,
> take 1 chug and kiss the person on your right.
> 
> Scott

-- 
Phil Wood, cpw at ...440...




More information about the Snort-users mailing list