[Snort-users] re: Pass rule question
adam.w.hogan at ...9362...
Wed Jun 11 11:17:03 EDT 2003
Looks like a small syntax error. Take out the second 'udp' you have in
the rule, and then it should work.
pass udp x.x.x.x any -> [y.y.y.y , z.z.z.z ] 161
From: lindsay.hunt at ...9431... [mailto:lindsay.hunt at ...9431...]
Sent: Wednesday, June 11, 2003 1:28 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] re: Pass rule question
I have a question regarding the use of pass rules. I am running snort
the "-o" option and want to ignore specific snmp traffic; specifically,
snmp requests from a particular ip address destined for 2 separate
I created a file called pass.rules and placed it in the rules directory.
has the following syntax:
pass udp x.x.x.x any -> udp [y.y.y.y , z.z.z.z ] 161
x.x.x.x corresponds to the source address and y and z to the destination
Is the syntax correct? The traffic that I want to ignore is still
up as alerts. Thanks in advance for any help.
CONFIDENTIALITY : This e-mail and any attachments are confidential and
be privileged. If you are not a named recipient, please notify the
immediately and do not disclose the contents to another person, use it
any purpose or store or copy the information in any medium.
This SF.NET email is sponsored by: eBay
Great deals on office technology -- on eBay now! Click here:
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
More information about the Snort-users