[Snort-users] Question about negated and non-negated variables in rules

Matt Kettler mkettler at ...4108...
Mon Dec 1 06:48:10 EST 2003


At 06:24 AM 11/29/2003, Jens-Harald Johansen wrote:
>But if I understand you correctly, I need to create pass rules for the 
>hosts which are allowed to run the ICMP traffic ? Think I'll need to RTFM 
>concerning pass rules. Haven't used them before.

pass rules are pretty straight forward, just make sure you pass the -o 
parameter to snort's command line.

Also think your pass rules through carefully.. make sure you don't wind up 
with a rule that is the equivalent of "pass any any -> any any".







More information about the Snort-users mailing list