[Snort-users] Pass rule not passing preprocessors

Chris Green cmg at ...1935...
Mon Apr 21 06:22:15 EDT 2003


"Always Bishan" <bishan4u at ...1396...> writes:

> Hi Snorters,
>
> I wrote a pass rule which will pass anything coming
> from one machine.
> pass tcp 192.168.1.2 any -> any any
> pass icmp 192.168.1.2 any -> any any
> pass udp 192.168.1.2 any -> any any
>

[...]

> Now by writing this pass rule I'm able to avoid any
> alerts from my rules directory, but preprocessors are
> still generating alerts. 
>
> Is there any way to avoid this?

If you want to omit traffic from that machine completely, disable all
traffic from it in your bpf filter for snort.

snort <command args> not host 192.168.1.2
-- 
Chris Green <cmg at ...1935...>
To err is human, to moo bovine.
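
Added example (not part of the original message and not Snort's own code): a shell helper that builds the `not host ...` BPF expression suggested above, extended to several hosts, and refuses anything that is not a plain IPv4 address so a typo or stray keyword cannot widen what the sensor ignores. The function names and the second address are assumptions made for illustration.

```shell
#!/bin/sh
# Build a BPF exclusion expression for Snort from a list of hosts.
# Hypothetical helper names; addresses below are constructed samples.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|""|.*|*.|*..*) return 1 ;;   # stray chars or empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_exclude_filter HOST...: print "not (host A or host B ...)".
# Fails (non-zero, nothing on stdout) if no hosts are given or any is malformed.
build_exclude_filter() {
    [ "$#" -gt 0 ] || { echo "no hosts given" >&2; return 1; }
    expr_body=""
    for h in "$@"; do
        if ! is_ipv4 "$h"; then
            echo "refusing malformed host: $h" >&2
            return 1
        fi
        expr_body="${expr_body:+$expr_body or }host $h"
    done
    printf 'not (%s)\n' "$expr_body"
}

# Constructed sample: two hosts whose traffic the sensor should never see.
filter=$(build_exclude_filter 192.168.1.2 192.168.1.3) || exit 1

# The parentheses must be quoted so the shell passes them through to Snort.
# <command args> is the placeholder used in the message above.
echo "snort <command args> '$filter'"
```

Because the filter is applied at capture time, neither the rules nor the preprocessors see packets from the listed hosts, so the list should be kept as short as the pass rules it replaces.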



