[Snort-users] Pass rule not passing preprocessors
cmg at ...1935...
Mon Apr 21 06:22:15 EDT 2003
"Always Bishan" <bishan4u at ...1396...> writes:
> Hi Snorters,
> I wrote a pass rule which will pass anything coming
> from one machine.
> pass tcp 192.168.1.2 any -> any any
> pass icmp 192.168.1.2 any -> any any
> pass udp 192.168.1.2 any -> any any
> Now by writing this pass rule I'm able to avoid any
> alerts from my rules directory, but preprocessors are
> still generating alerts.
> Is there any way to avoid this?
If you want to omit traffic from that machine completely, disable all
traffic from it in your bpf filter for snort.
snort <command args> not host 192.168.1.2
Chris Green <cmg at ...1935...>
To err is human, to moo bovine.
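
An added example, not part of the original thread: a small shell helper that builds the kind of BPF exclusion filter suggested above for one or more hosts. It goes beyond the single-host case by offering a `src` mode (only packets sent by the host, the same scope as the pass rules) alongside `both` (equivalent to `not host`). The function name, file path, interface and config path are assumptions.

```shell
#!/bin/sh
# build_exclude_filter is a hypothetical helper, not part of Snort.
# Packets rejected by the BPF filter never reach Snort's decoder,
# preprocessors or rules, which is why this works where pass rules do not.
#
#   mode "src"  : exclude only packets sent BY the listed hosts
#   mode "both" : exclude packets to or from the listed hosts

build_exclude_filter() {
    mode=$1; shift
    case $mode in
        src)  qual="src host" ;;
        both) qual="host" ;;
        *)    echo "mode must be src or both" >&2; return 2 ;;
    esac
    [ $# -gt 0 ] || { echo "no hosts given" >&2; return 2; }
    filter=""
    for h in "$@"; do
        # Accept digits and dots only, so no extra BPF terms can be
        # smuggled into the expression through a host argument.
        case $h in
            *[!0-9.]*|*..*|.*|*.|"") echo "bad host: $h" >&2; return 2 ;;
        esac
        filter="${filter:+$filter or }$qual $h"
    done
    printf 'not (%s)\n' "$filter"
}

# Constructed usage (paths and interface are assumptions):
#   build_exclude_filter src 192.168.1.2 > /tmp/snort.bpf
#   snort -c /etc/snort/snort.conf -i eth0 -F /tmp/snort.bpf
```

Excluding a host this way also blinds Snort to anything malicious that host sends, so `src` mode with the shortest possible host list keeps the gap smaller than a blanket `not host`.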