[Snort-users] A little pass rule help

L. Christopher Luther CLuther at ...6333...
Mon Apr 14 15:32:04 EDT 2003


10.0.0.0 is not a valid host IP -- it's a network address.  So if you want
to have the 10.0.0.0 network be the destination of the pass rule, then the
rule should look something like:  

	pass ip 10.0.30.4 any -> 10.0.0.0/8 any 

The second rule should also include a port designator:  

	pass ip 10.0.20.6 any -> any any 

See if this helps.  

- Christopher 


-----Original Message-----
From: Keg [mailto:snrtlst at ...2792...]
Sent: Monday, April 14, 2003 5:14 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] A little pass rule help


I have 2 pass rules that I placed in local.rules: (snort started with -o)
pass ip 10.0.30.4 any -> 10.0.0.0 any
pass ip 10.0.20.6 any -> any
First should take care of cluster servers broadcasts, second takes care 
of weird ICMP redirects from Shiva device. Snort cannot be started and 
it complains about those pass rules, the moment I disable 'em snort is 
started and it works fine.
Is there a syntax problem with those pass rules?
Thanks.
-- 
Your favorite stores, helpful shopping tools and great gift ideas. 
Experience the convenience of buying online with Shop at ...2793...! 
http://shopnow.netscape.com/



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030414/ba77cdc4/attachment.html>


More information about the Snort-users mailing list