[Snort-users] Rule header variables

Jim Schwin jims at ...2369...
Wed Jan 22 15:49:04 EST 2003


Hello All,
 
Can a rule header specify all traffic except a few subnets or hosts? In this
example can the source have variables to exclude a few subnets or hosts? 
 
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"GAMBLING
GAMES";content:"GAMBLING"; nocase; flow:to_client,established; sid:20000;
rev:1000;)
 
thanks
 
js
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030122/47b85fb6/attachment.html>


More information about the Snort-users mailing list