[Snort-users] Question about negated and non-negated variables in rules
mkettler at ...4108...
Mon Dec 1 06:48:10 EST 2003
At 06:24 AM 11/29/2003, Jens-Harald Johansen wrote:
>But if I understand you correctly, I need to create pass rules for the
>hosts which are allowed to run the ICMP traffic? Think I'll need to RTFM
>concerning pass rules. Haven't used them before.
Pass rules are pretty straightforward, just make sure you pass the -o
parameter to snort's command line.
Also think your pass rules through carefully. Make sure you don't wind up
with a rule that is the equivalent of "pass any any -> any any".
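
A check for the over-broad pass rule the reply above warns about, as an added example that is not part of the original post. It assumes Snort 2.x `var` syntax and a constructed sample file; the names `resolve` and `broad_pass_rules` are hypothetical. It expands variables first, because a pass rule written with `$HOME_NET` and `$EXTERNAL_NET` is still address-wide when both are defined as `any`.

```python
import re

# Constructed sample: snort.conf-style variables followed by local rules.
SAMPLE = """\
var HOME_NET any
var EXTERNAL_NET any
var MONITOR_HOSTS [192.168.1.10,192.168.1.11]
pass icmp $MONITOR_HOSTS any -> $HOME_NET any
pass icmp $HOME_NET any -> $EXTERNAL_NET any
pass tcp any any -> any any (content:"healthcheck";)
alert icmp any any -> any any (msg:"ICMP"; sid:1000001;)
"""

VAR = re.compile(r"^var\s+(\S+)\s+(\S+)\s*$")
# Captures src address, src port, dst address, dst port, optional option block.
PASS = re.compile(
    r"^pass\s+\S+\s+(\S+)\s+(\S+)\s+(?:->|<>)\s+(\S+)\s+(\S+)\s*(\(.*\))?\s*$")

def resolve(token, variables):
    """Follow $VAR references to a literal value."""
    for _ in range(10):  # bound the chain in case a var refers to itself
        if not token.startswith("$"):
            break
        token = variables.get(token[1:], token)
    return token

def broad_pass_rules(text):
    """Return (line_no, kind) for pass rules whose addresses and ports are all 'any'."""
    lines = [line.strip() for line in text.splitlines()]
    variables = dict(m.groups() for m in map(VAR.match, lines) if m)
    findings = []
    for no, line in enumerate(lines, 1):
        m = PASS.match(line)
        if not m:
            continue  # comments, blank lines, vars and non-pass rules
        *fields, options = m.groups()
        if all(resolve(f, variables) in ("any", "0.0.0.0/0") for f in fields):
            # Without an option block every packet of that protocol is passed.
            findings.append((no, "address-wide" if options else "unconditional"))
    return findings

if __name__ == "__main__":
    for no, kind in broad_pass_rules(SAMPLE):
        print(f"line {no}: {kind} pass rule")
```
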