[Snort-users] multiple ports in rule
mkettler at ...4108...
Wed Dec 17 13:36:02 EST 2003
At 01:19 PM 12/17/2003, Bryan Irvine wrote:
>Is there a way to specify not to use port 25 either?
>ie [!80 !25] or something?
>This is snort v 2.0.1 by the way.
ports can be single ports, ranges of ports, or negations of either. They
can NOT be comma delimited lists. (At this time only IP addresses can be lists)
besides, even if you could do that [!80, !25] would be the same as "any"...
you'd have meant to do ![80, 25]. There's a very important difference
between the two in terms of boolean algebra...
be sure to make a note of it so you don't screw up your network range
declarations, since IP addresses do support this syntax.
More information about the Snort-users